version 1.1.1.3, 2013/10/14 07:56:34
|
version 1.1.1.4, 2014/06/15 16:12:54
|
Line 14
|
Line 14
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" |
.\" |
.Dd August 16, 2013 | .Dd December 20, 2013 |
.Dt SUDO_PLUGIN @mansectform@ |
.Dt SUDO_PLUGIN @mansectform@ |
.Os Sudo @PACKAGE_VERSION@ |
.Os Sudo @PACKAGE_VERSION@ |
.Sh NAME |
.Sh NAME |
Line 25 Starting with version 1.8,
|
Line 25 Starting with version 1.8,
|
.Nm sudo |
.Nm sudo |
supports a plugin API |
supports a plugin API |
for policy and session logging. |
for policy and session logging. |
|
Plugins may be compiled as dynamic shared objects (the default on |
|
systems that support them) or compiled statically into the |
|
.Nm sudo |
|
binary itself. |
By default, the |
By default, the |
.Nm sudoers |
.Nm sudoers |
policy plugin and an associated I/O logging plugin are used. |
policy plugin and an associated I/O logging plugin are used. |
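Review bot: The paragraph added after "for policy and session logging." says plugins may be compiled statically into the sudo binary, but it does not say how a statically compiled plugin is referred to in sudo.conf or whether the configured path is still consulted in that case. This determines which code sudo ends up running, so add a sentence on the static case or a cross-reference to the sudo.conf manual where it is described.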
Line 135 function that can be used by the plugin to interact wi
|
Line 139 function that can be used by the plugin to interact wi
|
Returns 0 on success and \-1 on failure. |
Returns 0 on success and \-1 on failure. |
.It plugin_printf |
.It plugin_printf |
A pointer to a |
A pointer to a |
.Fn printf Ns No -style | .Fn printf Ns -style |
function that may be used to display informational or error messages |
function that may be used to display informational or error messages |
(see below). |
(see below). |
Returns the number of characters printed on success and \-1 on failure. |
Returns the number of characters printed on success and \-1 on failure. |
Line 184 The plugin may optionally pass this, or another value,
|
Line 188 The plugin may optionally pass this, or another value,
|
list. |
list. |
.It debug_flags=string |
.It debug_flags=string |
A comma-separated list of debug flags that correspond to |
A comma-separated list of debug flags that correspond to |
.Nm sudo Ns No 's | .Nm sudo Ns 's |
.Li Debug |
.Li Debug |
entry in |
entry in |
.Xr sudo.conf @mansectform@ , |
.Xr sudo.conf @mansectform@ , |
Line 196 The syntax used by
|
Line 200 The syntax used by
|
and the |
and the |
.Nm sudoers |
.Nm sudoers |
plugin is |
plugin is |
.Em subsystem Ns No @ Ns Em priority | .Em subsystem Ns @ Ns Em priority |
but the plugin is free to use a different |
but the plugin is free to use a different |
format so long as it does not include a comma |
format so long as it does not include a comma |
.Pq Ql ,\& . |
.Pq Ql ,\& . |
Line 413 Any (non-comment) strings immediately after the plugin
|
Line 417 Any (non-comment) strings immediately after the plugin
|
passed as arguments to the plugin. |
passed as arguments to the plugin. |
These arguments are split on a white space boundary and are passed to |
These arguments are split on a white space boundary and are passed to |
the plugin in the form of a |
the plugin in the form of a |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
array of strings. |
array of strings. |
If no arguments were |
If no arguments were |
specified, |
specified, |
Line 467 The name of the user invoking
|
Line 471 The name of the user invoking
|
.El |
.El |
.It user_env |
.It user_env |
The user's environment in the form of a |
The user's environment in the form of a |
.Dv NULL Ns No -terminated vector of | .Dv NULL Ns -terminated vector of |
.Dq name=value |
.Dq name=value |
strings. |
strings. |
.Pp |
.Pp |
Line 654 pointer.
|
Line 658 pointer.
|
.It env_add |
.It env_add |
Additional environment variables specified by the user on the command |
Additional environment variables specified by the user on the command |
line in the form of a |
line in the form of a |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
vector of |
vector of |
.Dq name=value |
.Dq name=value |
strings. |
strings. |
Line 804 The nice value, if specified, overrides the priority a
|
Line 808 The nice value, if specified, overrides the priority a
|
on BSD systems. |
on BSD systems. |
.It noexec=bool |
.It noexec=bool |
If set, prevent the command from executing other programs. |
If set, prevent the command from executing other programs. |
|
.It preserve_fds=list |
|
A comma-separated list of file descriptors that should be |
|
preserved, regardless of the value of the |
|
.Em closefrom |
|
setting. |
|
Only available starting with API version 1.5. |
.It preserve_groups=bool |
.It preserve_groups=bool |
If set, |
If set, |
.Nm sudo |
.Nm sudo |
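Review bot: The new "preserve_fds=list" entry does not define the element format or the error handling. It should state how each descriptor in the comma-separated list is written and what happens to an entry that is malformed or does not refer to an open descriptor. Because the listed descriptors stay open in the command "regardless of the value of the closefrom setting", the text should also make clear that the policy plugin is responsible for listing only descriptors the command is meant to inherit. The closing "Only available starting with API version 1.5." is useful and matches the version history entry.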
Line 879 the invoking user's existing entry.
|
Line 889 the invoking user's existing entry.
|
Unsupported values will be ignored. |
Unsupported values will be ignored. |
.It argv_out |
.It argv_out |
The |
The |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
argument vector to pass to the |
argument vector to pass to the |
.Xr execve 2 |
.Xr execve 2 |
system call when executing the command. |
system call when executing the command. |
The plugin is responsible for allocating and populating the vector. |
The plugin is responsible for allocating and populating the vector. |
.It user_env_out |
.It user_env_out |
The |
The |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
environment vector to use when executing the command. |
environment vector to use when executing the command. |
The plugin is responsible for allocating and populating the vector. |
The plugin is responsible for allocating and populating the vector. |
.El |
.El |
Line 1036 The
|
Line 1046 The
|
.Em user_env |
.Em user_env |
argument points to the environment the command will |
argument points to the environment the command will |
run in, in the form of a |
run in, in the form of a |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
vector of |
vector of |
.Dq name=value |
.Dq name=value |
strings. |
strings. |
Line 1320 The
|
Line 1330 The
|
function returns 0 on success and \-1 on failure. |
function returns 0 on success and \-1 on failure. |
.It plugin_printf |
.It plugin_printf |
A pointer to a |
A pointer to a |
.Fn printf Ns No -style | .Fn printf Ns -style |
function that may be used by the |
function that may be used by the |
.Fn show_version |
.Fn show_version |
function to display version information (see |
function to display version information (see |
Line 1400 wishes to run in the same form as what would be passed
|
Line 1410 wishes to run in the same form as what would be passed
|
system call. |
system call. |
.It user_env |
.It user_env |
The user's environment in the form of a |
The user's environment in the form of a |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
vector of |
vector of |
.Dq name=value |
.Dq name=value |
strings. |
strings. |
Line 1422 Any (non-comment) strings immediately after the plugin
|
Line 1432 Any (non-comment) strings immediately after the plugin
|
treated as arguments to the plugin. |
treated as arguments to the plugin. |
These arguments are split on a white space boundary and are passed to |
These arguments are split on a white space boundary and are passed to |
the plugin in the form of a |
the plugin in the form of a |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
array of strings. |
array of strings. |
If no arguments were specified, |
If no arguments were specified, |
.Em plugin_options |
.Em plugin_options |
Line 1916 The caller must include a trailing newline in
|
Line 1926 The caller must include a trailing newline in
|
if one is to be printed. |
if one is to be printed. |
.Pp |
.Pp |
A |
A |
.Fn printf Ns No -style | .Fn printf Ns -style |
function is also available that can be used to display informational |
function is also available that can be used to display informational |
or error messages to the user, which is usually more convenient for |
or error messages to the user, which is usually more convenient for |
simple messages where no use input is required. |
simple messages where no use input is required. |
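Review bot: The context line "simple messages where no use input is required." has a typo: "use" should be "user". Since this hunk already edits the same paragraph to drop the redundant "No" from ".Fn printf Ns No -style", fix the typo in the same change.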
Line 1950 typedef int (*sudo_printf_t)(int msg_type, const char
|
Line 1960 typedef int (*sudo_printf_t)(int msg_type, const char
|
Pointers to the |
Pointers to the |
.Fn conversation |
.Fn conversation |
and |
and |
.Fn printf Ns No -style | .Fn printf Ns -style |
functions are passed |
functions are passed |
in to the plugin's |
in to the plugin's |
.Fn open |
.Fn open |
Line 1984 It is also useful as a maximum value for the
|
Line 1994 It is also useful as a maximum value for the
|
function when clearing passwords filled in by the conversation function. |
function when clearing passwords filled in by the conversation function. |
.Pp |
.Pp |
The |
The |
.Fn printf Ns No -style | .Fn printf Ns -style |
function uses the same underlying mechanism as the |
function uses the same underlying mechanism as the |
.Fn conversation |
.Fn conversation |
function but only supports |
function but only supports |
Line 2100 major and minor version number of the group plugin API
|
Line 2110 major and minor version number of the group plugin API
|
.Nm sudoers . |
.Nm sudoers . |
.It plugin_printf |
.It plugin_printf |
A pointer to a |
A pointer to a |
.Fn printf Ns No -style | .Fn printf Ns -style |
function that may be used to display informational or error message to the user. |
function that may be used to display informational or error message to the user. |
Returns the number of characters printed on success and \-1 on failure. |
Returns the number of characters printed on success and \-1 on failure. |
.It argv |
.It argv |
A |
A |
.Dv NULL Ns No -terminated | .Dv NULL Ns -terminated |
array of arguments generated from the |
array of arguments generated from the |
.Em group_plugin |
.Em group_plugin |
option in |
option in |
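Review bot: The plugin_printf description in this hunk reads "informational or error message to the user" (singular), while the other plugin_printf entries in this file say "informational or error messages". The line is next to the ".Fn printf Ns -style" cleanup, so align the wording here as well.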
Line 2248 The
|
Line 2258 The
|
.Em remote_host |
.Em remote_host |
entry was added to the |
entry was added to the |
.Li settings |
.Li settings |
|
list. |
|
.It Version 1.5 (sudo 1.8.9) |
|
The |
|
.em preserve_fds |
|
entry was added to the |
|
.Li command_info |
list. |
list. |
.El |
.El |
.Sh SEE ALSO |
.Sh SEE ALSO |
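Review bot: In the new "Version 1.5 (sudo 1.8.9)" entry, ".em preserve_fds" is written in lowercase. mdoc macro names are case-sensitive and ".em" is the roff end-macro request, not the emphasis macro, so the name will not be rendered and the entry will read "The entry was added to the command_info list." Change it to ".Em preserve_fds", matching ".Em closefrom" in the command_info section and ".Em remote_host" in the entry just above.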