-1.8.0b3 December 27, 2010 1
+1.8.0b3 December 28, 2010 1
-1.8.0b3 December 27, 2010 2
+1.8.0b3 December 28, 2010 2
-1.8.0b3 December 27, 2010 3
+1.8.0b3 December 28, 2010 3
-1.8.0b3 December 27, 2010 4
+1.8.0b3 December 28, 2010 4
-1.8.0b3 December 27, 2010 5
+1.8.0b3 December 28, 2010 5
-1.8.0b3 December 27, 2010 6
+1.8.0b3 December 28, 2010 6
-1.8.0b3 December 27, 2010 7
+1.8.0b3 December 28, 2010 7
-1.8.0b3 December 27, 2010 8
+1.8.0b3 December 28, 2010 8
If specified, s\bsu\bud\bdo\bo will close all files descriptors with a
value of _\bn_\bu_\bm_\bb_\be_\br or higher.
+ iolog_compress=bool
+ Set to true if the I/O logging plugins, if any, should
+ compress the log data. This is a hint to the I/O logging
+ plugin which may choose to ignore it.
+
+ iolog_dir=string
+ Fully qualified path to the directory in which I/O logs are
+ to be stored. This is a hint to the I/O logging plugin
+ which may choose to ignore it. If no I/O logging plugin is
+ loaded, this setting has no effect.
+
+ iolog_file=string
+ File name to use when I/O logging is enabled, relative to
+ _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br (may also contain directory components). This is
+ a hint to the I/O logging plugin which may choose to ignore
+ it. If no I/O logging plugin is loaded, this setting has
+ no effect.
+
iolog_stdin=bool
Set to true if the I/O logging plugins, if any, should log
the standard input if it is not connected to a terminal
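Review bot: The new iolog_compress entry omits the sentence "If no I/O logging plugin is loaded, this setting has no effect." that the iolog_dir and iolog_file entries added directly below it both carry. Either add that sentence to iolog_compress or drop it from all three so the entries read consistently. The same gap is in the matching .IP "iolog_compress=bool" paragraph of the man source.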
is a hint to the I/O logging plugin which may choose to
ignore it.
- iolog_ttyout=bool
- Set to true if the I/O logging plugins, if any, should log
- all terminal output. This only includes output to the
- screen, not output to a pipe or file. This is a hint to
- the I/O logging plugin which may choose to ignore it.
-
- iolog_dir=string
- Fully qualified path to the directory in which I/O logs are
- to be stored. This is a hint to the I/O logging plugin
- which may choose to ignore it. If no I/O logging plugin is
- loaded, this setting has no effect.
-
- iolog_file=string
- File name to use when I/O logging is enabled, relative to
- _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br (may also contain directory components). This is
- a hint to the I/O logging plugin which may choose to ignore
- it. If no I/O logging plugin is loaded, this setting has
- no effect.
-1.8.0b3 December 27, 2010 9
+1.8.0b3 December 28, 2010 9
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ iolog_ttyout=bool
+ Set to true if the I/O logging plugins, if any, should log
+ all terminal output. This only includes output to the
+ screen, not output to a pipe or file. This is a hint to
+ the I/O logging plugin which may choose to ignore it.
+
use_pty=bool
Allocate a pseudo-tty to run the command in, regardless of
whether or not I/O logging is in use. By default, s\bsu\bud\bdo\bo
wishes to check against the policy in the same form as what
would be passed to the _\be_\bx_\be_\bc_\bv_\be_\b(_\b) system call. If the command is
permitted by the policy, the fully-qualified path to the
- command should be displayed along with any command line
- arguments.
- validate
- int (*validate)(void);
+1.8.0b3 December 28, 2010 10
-1.8.0b3 December 27, 2010 10
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ command should be displayed along with any command line
+ arguments.
+ validate
+ int (*validate)(void);
The validate function is called when s\bsu\bud\bdo\bo is run with the -v flag.
For policy plugins such as _\bs_\bu_\bd_\bo_\be_\br_\bs that cache authentication
_\bV_\be_\br_\bs_\bi_\bo_\bn _\bm_\ba_\bc_\br_\bo_\bs
- #define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16)
- #define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff)
- #define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \
- *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \
- } while(0)
- #define SUDO_VERSION_SET_MINOR(vp, n) do { \
- *(vp) = (*(vp) & 0xffff0000) | (n); \
- } while(0)
- #define SUDO_API_VERSION_MAJOR 1
-1.8.0b3 December 27, 2010 11
+
+
+
+1.8.0b3 December 28, 2010 11
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ #define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16)
+ #define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff)
+ #define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \
+ *(vp) = (*(vp) & 0x0000ffff) | ((n) << 16); \
+ } while(0)
+ #define SUDO_VERSION_SET_MINOR(vp, n) do { \
+ *(vp) = (*(vp) & 0xffff0000) | (n); \
+ } while(0)
+
+ #define SUDO_API_VERSION_MAJOR 1
#define SUDO_API_VERSION_MINOR 0
#define SUDO_API_VERSION ((SUDO_API_VERSION_MAJOR << 16) | \
SUDO_API_VERSION_MINOR)
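Review bot: In the re-added macro block, SUDO_VERSION_SET_MINOR is the only one of the four accessors without the API_ infix; SUDO_API_VERSION_GET_MAJOR, SUDO_API_VERSION_GET_MINOR and SUDO_API_VERSION_SET_MAJOR all have it. Since the line is being moved anyway, check the name against the plugin header and either make it SUDO_API_VERSION_SET_MINOR or say why it differs, because plugin authors will copy these names from the manual.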
type
The type field should always be set to SUDO_IO_PLUGIN
- version
- The version field should be set to SUDO_API_VERSION.
-
- This allows s\bsu\bud\bdo\bo to determine the API version the plugin was built
- against.
-
- open
-
+1.8.0b3 December 28, 2010 12
-1.8.0b3 December 27, 2010 12
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ version
+ The version field should be set to SUDO_API_VERSION.
+ This allows s\bsu\bud\bdo\bo to determine the API version the plugin was built
+ against.
+ open
int (*open)(unsigned int version, sudo_conv_t conversation
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
- See the "Policy Plugin API" section for a list of all possible
- settings.
- user_info
- A vector of information about the user running the command in
- the form of "name=value" strings. The vector is terminated by
-
-
-1.8.0b3 December 27, 2010 13
+1.8.0b3 December 28, 2010 13
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ See the "Policy Plugin API" section for a list of all possible
+ settings.
+
+ user_info
+ A vector of information about the user running the command in
+ the form of "name=value" strings. The vector is terminated by
a NULL pointer.
When parsing _\bu_\bs_\be_\br_\b__\bi_\bn_\bf_\bo, the plugin should split on the f\bfi\bir\brs\bst\bt
int (*show_version)(int verbose);
The show_version function is called by s\bsu\bud\bdo\bo when the user specifies
- the -V option. The plugin may display its version information to
- the user via the conversation or plugin_printf function using
- SUDO_CONV_INFO_MSG. If the user requests detailed version
- information, the verbose flag will be set.
-
-
-1.8.0b3 December 27, 2010 14
+1.8.0b3 December 28, 2010 14
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ the -V option. The plugin may display its version information to
+ the user via the conversation or plugin_printf function using
+ SUDO_CONV_INFO_MSG. If the user requests detailed version
+ information, the verbose flag will be set.
+
log_ttyin
int (*log_ttyin)(const char *buf, unsigned int len);
len The length of _\bb_\bu_\bf in bytes.
- log_stdout
- int (*log_stdout)(const char *buf, unsigned int len);
-
- The _\bl_\bo_\bg_\b__\bs_\bt_\bd_\bo_\bu_\bt function is only used if the standard output does
- not correspond to a tty device. It is called whenever data can be
-1.8.0b3 December 27, 2010 15
+1.8.0b3 December 28, 2010 15
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ log_stdout
+ int (*log_stdout)(const char *buf, unsigned int len);
+
+ The _\bl_\bo_\bg_\b__\bs_\bt_\bd_\bo_\bu_\bt function is only used if the standard output does
+ not correspond to a tty device. It is called whenever data can be
read from the command but before it is written to the standard
output. This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content). Returns 1 if
-
-
-
-
-
-1.8.0b3 December 27, 2010 16
+1.8.0b3 December 28, 2010 16
-1.8.0b3 December 27, 2010 17
+1.8.0b3 December 28, 2010 17
-1.8.0b3 December 27, 2010 18
+1.8.0b3 December 28, 2010 18
-1.8.0b3 December 27, 2010 19
+1.8.0b3 December 28, 2010 19
.\" ========================================================================
.\"
.IX Title "SUDO_PLUGIN @mansectsu@"
-.TH SUDO_PLUGIN @mansectsu@ "December 27, 2010" "1.8.0b3" "MAINTENANCE COMMANDS"
+.TH SUDO_PLUGIN @mansectsu@ "December 28, 2010" "1.8.0b3" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.IX Item "closefrom=number"
If specified, \fBsudo\fR will close all files descriptors with a value
of \fInumber\fR or higher.
+.IP "iolog_compress=bool" 4
+.IX Item "iolog_compress=bool"
+Set to true if the I/O logging plugins, if any, should compress the
+log data. This is a hint to the I/O logging plugin which may choose
+to ignore it.
+.IP "iolog_dir=string" 4
+.IX Item "iolog_dir=string"
+Fully qualified path to the directory in which I/O logs are to be
+stored. This is a hint to the I/O logging plugin which may choose
+to ignore it. If no I/O logging plugin is loaded, this setting has
+no effect.
+.IP "iolog_file=string" 4
+.IX Item "iolog_file=string"
+File name to use when I/O logging is enabled, relative to \fIiolog_dir\fR
+(may also contain directory components).
+This is a hint to the I/O logging plugin which may choose to ignore
+it. If no I/O logging plugin is loaded, this setting has no effect.
.IP "iolog_stdin=bool" 4
.IX Item "iolog_stdin=bool"
Set to true if the I/O logging plugins, if any, should log the
terminal output. This only includes output to the screen, not
output to a pipe or file. This is a hint to the I/O logging plugin
which may choose to ignore it.
-.IP "iolog_dir=string" 4
-.IX Item "iolog_dir=string"
-Fully qualified path to the directory in which I/O logs are to be
-stored. This is a hint to the I/O logging plugin which may choose
-to ignore it. If no I/O logging plugin is loaded, this setting has
-no effect.
-.IP "iolog_file=string" 4
-.IX Item "iolog_file=string"
-File name to use when I/O logging is enabled, relative to \fIiolog_dir\fR
-(may also contain directory components).
-This is a hint to the I/O logging plugin which may choose to ignore
-it. If no I/O logging plugin is loaded, this setting has no effect.
.IP "use_pty=bool" 4
.IX Item "use_pty=bool"
Allocate a pseudo-tty to run the command in, regardless of whether
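Review bot: The iolog_file paragraph says the name is relative to iolog_dir but "may also contain directory components", and does not say whether a leading "/" or ".." components are acceptable. Both values are only hints handed to the I/O logging plugin, so add a sentence telling plugin authors whether they are expected to check that the combined path stays under iolog_dir before creating log files there.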