|
version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.5, 2013/10/14 07:56:34
|
|
Line 16
|
Line 16
|
| .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
.\" |
| .TH "SUDO_PLUGIN" "5" "March 5, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" | .TH "SUDO_PLUGIN" "5" "August 16, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" |
| .nh |
.nh |
| .if n .ad l |
.if n .ad l |
| .SH "NAME" |
.SH "NAME" |
|
Line 322 the
|
Line 322 the
|
| \fB\-p\fR |
\fB\-p\fR |
| flag. |
flag. |
| .TP 6n |
.TP 6n |
| |
remote_host=string |
| |
The name of the remote host to run the command on, if specified via |
| |
the |
| |
\fB\-h\fR |
| |
option. |
| |
Support for running the command on a remote host is meant to be implemented |
| |
via a helper program that is executed in place of the user-specified command. |
| |
The |
| |
\fBsudo\fR |
| |
front end is only capable of executing commands on the local host. |
| |
Only available starting with API version 1.4. |
| |
.TP 6n |
| run_shell=bool |
run_shell=bool |
| Set to true if the user specified the |
Set to true if the user specified the |
| \fB\-s\fR |
\fB\-s\fR |
| flag, indicating that | flag, indicating that the user wishes to run a shell. |
| the user wishes to run a shell. | |
| .TP 6n |
.TP 6n |
| runas_group=string |
runas_group=string |
| The group name or gid to to run the command as, if specified via | The group name or gid to run the command as, if specified via |
| the |
the |
| \fB\-g\fR |
\fB\-g\fR |
| flag. |
flag. |
| .TP 6n |
.TP 6n |
| runas_user=string |
runas_user=string |
| The user name or uid to to run the command as, if specified via the | The user name or uid to run the command as, if specified via the |
| \fB\-u\fR |
\fB\-u\fR |
| flag. |
flag. |
| .TP 6n |
.TP 6n |
|
Line 441 pgid=int
|
Line 452 pgid=int
|
| The ID of the process group that the running |
The ID of the process group that the running |
| \fBsudo\fR |
\fBsudo\fR |
| process is a member of. |
process is a member of. |
| Only available starting with API version 1.2 | Only available starting with API version 1.2. |
| .TP 6n |
.TP 6n |
| pid=int |
pid=int |
| The process ID of the running |
The process ID of the running |
| \fBsudo\fR |
\fBsudo\fR |
| process. |
process. |
| Only available starting with API version 1.2 | Only available starting with API version 1.2. |
| .TP 6n |
.TP 6n |
| plugin_options |
plugin_options |
| Any (non-comment) strings immediately after the plugin path are |
Any (non-comment) strings immediately after the plugin path are |
|
Line 480 ppid=int
|
Line 491 ppid=int
|
| The parent process ID of the running |
The parent process ID of the running |
| \fBsudo\fR |
\fBsudo\fR |
| process. |
process. |
| Only available starting with API version 1.2 | Only available starting with API version 1.2. |
| .TP 6n |
.TP 6n |
| sid=int |
sid=int |
| The session ID of the running |
The session ID of the running |
|
Line 488 The session ID of the running
|
Line 499 The session ID of the running
|
| process or 0 if |
process or 0 if |
| \fBsudo\fR |
\fBsudo\fR |
| is not part of a POSIX job control session. |
is not part of a POSIX job control session. |
| Only available starting with API version 1.2 | Only available starting with API version 1.2. |
| .TP 6n |
.TP 6n |
| tcpgid=int |
tcpgid=int |
| The ID of the foreground process group associated with the terminal |
The ID of the foreground process group associated with the terminal |
|
Line 496 device associated with the
|
Line 507 device associated with the
|
| \fBsudo\fR |
\fBsudo\fR |
| process or \-1 if there is no |
process or \-1 if there is no |
| terminal present. |
terminal present. |
| Only available starting with API version 1.2 | Only available starting with API version 1.2. |
| .TP 6n |
.TP 6n |
| tty=string |
tty=string |
| The path to the user's terminal device. |
The path to the user's terminal device. |
|
Line 2162 return SUDO_HOOK_RET_STOP;
|
Line 2173 return SUDO_HOOK_RET_STOP;
|
| } while(0) |
} while(0) |
| .RE |
.RE |
| .fi |
.fi |
| |
.SS "Remote command execution" |
| |
The |
| |
\fBsudo\fR |
| |
front end does not have native support for running remote commands. |
| |
However, starting with |
| |
\fBsudo\fR |
| |
1.8.8, the |
| |
\fB\-h\fR |
| |
option may be used to specify a remote host that is passed |
| |
to the policy plugin. |
| |
A plugin may also accept a |
| |
\fIrunas_user\fR |
| |
in the form of |
| |
``user@hostname'' |
| |
which will work with older versions of |
| |
\fBsudo\fR. |
| |
It is anticipated that remote commands will be supported by executing a |
| |
``helper'' |
| |
program. |
| |
The policy plugin should setup the execution environment such that the |
| |
\fBsudo\fR |
| |
front end will run the helper which, in turn, will connect to the |
| |
remote host and run the command. |
| |
.PP |
| |
For example, the policy plugin could utilize |
| |
\fBssh\fR |
| |
to perform remote command execution. |
| |
The helper program would be responsible for running |
| |
\fBssh\fR |
| |
with the proper options to use a private key or certificate |
| |
that the remote host will accept and run a program |
| |
on the remote host that would setup the execution environment |
| |
accordingly. |
| |
.PP |
| |
Note that remote |
| |
\fBsudoedit\fR |
| |
functionality must be handled by the policy plugin, not |
| |
\fBsudo\fR |
| |
itself as the front end has no knowledge that a remote command is |
| |
being executed. |
| |
This may be addressed in a future revision of the plugin API. |
| .SS "Conversation API" |
.SS "Conversation API" |
| If the plugin needs to interact with the user, it may do so via the |
If the plugin needs to interact with the user, it may do so via the |
| \fBconversation\fR() |
\fBconversation\fR() |
|
Line 2193 struct sudo_conv_message {
|
Line 2245 struct sudo_conv_message {
|
| const char *msg; |
const char *msg; |
| }; |
}; |
| |
|
| |
#define SUDO_CONV_REPL_MAX 255 |
| |
|
| struct sudo_conv_reply { |
struct sudo_conv_reply { |
| char *reply; |
char *reply; |
| }; |
}; |
|
Line 2227 and
|
Line 2281 and
|
| \fRstruct sudo_conv_reply\fR |
\fRstruct sudo_conv_reply\fR |
| for |
for |
| each message in the conversation. |
each message in the conversation. |
| The plugin is responsible for freeing the reply buffer filled in to the | The plugin is responsible for freeing the reply buffer located in each |
| \fRstruct sudo_conv_reply\fR, |
\fRstruct sudo_conv_reply\fR, |
| if any. | if it is not |
| | \fRNULL\fR. |
| | \fRSUDO_CONV_REPL_MAX\fR |
| | represents the maximum length of the reply buffer (not including |
| | the trailing NUL character). |
| | In practical terms, this is the longest password |
| | \fBsudo\fR |
| | will support. |
| | It is also useful as a maximum value for the |
| | \fBmemset_s\fR() |
| | function when clearing passwords filled in by the conversation function. |
| .PP |
.PP |
| The |
The |
| \fBprintf\fR()-style |
\fBprintf\fR()-style |
|
Line 2524 The
|
Line 2588 The
|
| \fBsudo\fR |
\fBsudo\fR |
| front end now installs default signal handlers to trap common signals |
front end now installs default signal handlers to trap common signals |
| while the plugin functions are run. |
while the plugin functions are run. |
| |
.TP 6n |
| |
Version 1.4 (sudo 1.8.8) |
| |
The |
| |
\fIremote_host\fR |
| |
entry was added to the |
| |
\fRsettings\fR |
| |
list. |
| .SH "SEE ALSO" |
.SH "SEE ALSO" |
| sudo.conf(@mansectform@), |
sudo.conf(@mansectform@), |
| sudoers(@mansectform@), |
sudoers(@mansectform@), |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo_plugin.man.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc