-1.8.0b1 July 7, 2010 1
+1.8.0b1 August 12, 2010 1
-1.8.0b1 July 7, 2010 2
+1.8.0b1 August 12, 2010 2
conversation
A pointer to the conversation function that can be used by the
- plugin to interact with the user (see below).
+ plugin to interact with the user (see below). Returns 0 on
+ success and -1 on failure.
plugin_printf
A pointer to a printf-style function that may be used to
- display informational or error messages (see below).
+ display informational or error messages (see below). Returns
+ the number of characters printed on success and -1 on failure.
settings
A vector of user-supplied s\bsu\bud\bdo\bo settings in the form of
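Review bot: In the conversation entry, the added sentence "Returns 0 on success and -1 on failure." has no subject and follows "A pointer to the conversation function", so it reads as if the pointer itself returns a value; the plugin_printf entry just below has the same problem. The I/O plugin section of this patch spells it out as "The conversation function returns 0 on success and -1 on failure", and using that wording here would keep the two sections consistent. It would also help plugin authors if the text said whether the plugin is expected to treat a -1 from either function as fatal.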
implied_shell=bool
If the user does not specify a program on the command line,
- s\bsu\bud\bdo\bo will pass the plugin the path to the user's shell and
- set _\bi_\bm_\bp_\bl_\bi_\be_\bd_\b__\bs_\bh_\be_\bl_\bl to true. This allows s\bsu\bud\bdo\bo with no
-1.8.0b1 July 7, 2010 3
+1.8.0b1 August 12, 2010 3
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ s\bsu\bud\bdo\bo will pass the plugin the path to the user's shell and
+ set _\bi_\bm_\bp_\bl_\bi_\be_\bd_\b__\bs_\bh_\be_\bl_\bl to true. This allows s\bsu\bud\bdo\bo with no
arguments to be used similarly to _\bs_\bu(1). If the plugin
does not to support this usage, it may return a value of -2
from the check_policy function, which will cause s\bsu\bud\bdo\bo to
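Review bot: The unchanged context under implied_shell reads "does not to support this usage"; the stray "to" should be dropped. The +/- lines in this hunk differ only in where the page break falls, so the fix belongs in the source this page is formatted from, and the regenerated output will pick it up.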
If specified, the user has requested via the -C flag that
s\bsu\bud\bdo\bo close all files descriptors with a value of _\bn_\bu_\bm_\bb_\be_\br or
higher. The plugin may optionally pass this, or another
- value, back in the _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
-
-1.8.0b1 July 7, 2010 4
+1.8.0b1 August 12, 2010 4
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ value, back in the _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
+
Additional settings may be added in the future so the plugin
should silently ignore settings that it does not recognize.
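Review bot: The context line "close all files descriptors with a value of number or higher" should read "file descriptors". The same wording is carried over unchanged in the closefrom=number entry that is moved across a page break later in this patch, so both places can be corrected together.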
of "name=value" strings.
When parsing _\bu_\bs_\be_\br_\b__\be_\bn_\bv, the plugin should split on the f\bfi\bir\brs\bst\bt
- equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
- itself but the _\bv_\ba_\bl_\bu_\be might.
-1.8.0b1 July 7, 2010 5
+1.8.0b1 August 12, 2010 5
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
+ itself but the _\bv_\ba_\bl_\bu_\be might.
+
close
void (*close)(int exit_status, int error);
into _\ba_\br_\bg_\bv_\b__\bo_\bu_\bt, separated from the editor and its arguments by a
"--" element. The "--" will be removed by s\bsu\bud\bdo\bo before the editor
is executed. The plugin should also set _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt_\b=_\bt_\br_\bu_\be in the
- _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
-
- The _\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by function returns 1 if the command is allowed, 0 if
-1.8.0b1 July 7, 2010 6
+1.8.0b1 August 12, 2010 6
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
+
+ The _\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by function returns 1 if the command is allowed, 0 if
not allowed, -1 for a general error, or -2 for a usage error or if
s\bsu\bud\bdo\boe\bed\bdi\bit\bt was specified but is unsupported by the plugin. In the
latter case, s\bsu\bud\bdo\bo will print a usage message before it exits. If
runas_gid=gid
Group ID to run the command as.
- runas_egid=gid
- Effective group ID to run the command as. If not
- specified, the value of _\br_\bu_\bn_\ba_\bs_\b__\bg_\bi_\bd is used.
-1.8.0b1 July 7, 2010 7
+1.8.0b1 August 12, 2010 7
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ runas_egid=gid
+ Effective group ID to run the command as. If not
+ specified, the value of _\br_\bu_\bn_\ba_\bs_\b__\bg_\bi_\bd is used.
+
runas_groups=list
The supplementary group vector to use for the command in
the form of a comma-separated list of group IDs. If
transparently enable _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt when the user attempts to run
an editor.
- closefrom=number
- If specified, s\bsu\bud\bdo\bo will close all files descriptors with a
- value of _\bn_\bu_\bm_\bb_\be_\br or higher.
- Unsupported values will be ignored.
-1.8.0b1 July 7, 2010 8
+1.8.0b1 August 12, 2010 8
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ closefrom=number
+ If specified, s\bsu\bud\bdo\bo will close all files descriptors with a
+ value of _\bn_\bu_\bm_\bb_\be_\br or higher.
+
+ Unsupported values will be ignored.
+
argv_out
The NULL-terminated argument vector to pass to the _\be_\bx_\be_\bc_\bv_\be_\b(_\b)
system call when executing the command. The plugin is
The validate function is called when s\bsu\bud\bdo\bo is run with the -v flag.
For policy plugins such as _\bs_\bu_\bd_\bo_\be_\br_\bs that cache authentication
- credentials, this function will validate and cache the credentials.
- The validate function should be NULL if the plugin does not support
- credential caching.
- Returns 1 on success, 0 on failure and -1 on error. On error, the
+1.8.0b1 August 12, 2010 9
-1.8.0b1 July 7, 2010 9
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ credentials, this function will validate and cache the credentials.
+ The validate function should be NULL if the plugin does not support
+ credential caching.
+ Returns 1 on success, 0 on failure and -1 on error. On error, the
plugin may optionally call the conversation or plugin_printf
function with SUDO_CONF_ERROR_MSG to present additional error
information to the user.
#define SUDO_API_VERSION_MAJOR 1
#define SUDO_API_VERSION_MINOR 0
#define SUDO_API_VERSION ((SUDO_API_VERSION_MAJOR << 16) | \
- SUDO_API_VERSION_MINOR)
-
- I\bI/\b/O\bO P\bPl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
-
-
-
-1.8.0b1 July 7, 2010 10
+1.8.0b1 August 12, 2010 10
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ SUDO_API_VERSION_MINOR)
+
+ I\bI/\b/O\bO P\bPl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
struct io_plugin {
#define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */
char * const user_info[], int argc, char * const argv[],
char * const user_env[]);
- The _\bo_\bp_\be_\bn function is run before the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt, _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt or
- _\bs_\bh_\bo_\bw_\b__\bv_\be_\br_\bs_\bi_\bo_\bn functions are called. It is only called if the
-
-1.8.0b1 July 7, 2010 11
+1.8.0b1 August 12, 2010 11
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ The _\bo_\bp_\be_\bn function is run before the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt, _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt or
+ _\bs_\bh_\bo_\bw_\b__\bv_\be_\br_\bs_\bi_\bo_\bn functions are called. It is only called if the
version is being requested or the _\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by function has
returned successfully. It returns 1 on success, 0 on failure, -1
if a general error occurred, or -2 if there was a usage error. In
A pointer to the conversation function that may be used by the
_\bs_\bh_\bo_\bw_\b__\bv_\be_\br_\bs_\bi_\bo_\bn function to display version information (see
show_version below). The conversation function may also be
- used to display additional error message to the user.
+ used to display additional error message to the user. The
+ conversation function returns 0 on success and -1 on failure.
plugin_printf
A pointer to a printf-style function that may be used by the
_\bs_\bh_\bo_\bw_\b__\bv_\be_\br_\bs_\bi_\bo_\bn function to display version information (see
show_version below). The plugin_printf function may also be
- used to display additional error message to the user.
+ used to display additional error message to the user. The
+ plugin_printf function returns number of characters printed on
+ success and -1 on failure.
settings
A vector of user-supplied s\bsu\bud\bdo\bo settings in the form of
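Review bot: The added plugin_printf text reads "returns number of characters printed", dropping the article that the policy plugin entry uses ("Returns the number of characters printed"). Suggest "The plugin_printf function returns the number of characters printed on success and -1 on failure." so the descriptions of this function match across sections.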
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
- See the "Policy Plugin API" section for a list of all possible
- strings.
-
-
-
-1.8.0b1 July 7, 2010 12
+1.8.0b1 August 12, 2010 12
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ See the "Policy Plugin API" section for a list of all possible
+ strings.
+
argc
The number of elements in _\ba_\br_\bg_\bv, not counting the final NULL
pointer.
user but before it is passed to the running command. This allows
the plugin to reject data if it chooses to (for instance if the
input contains banned content). Returns 1 if the data should be
- passed to the command, 0 if the data is rejected (which will
- terminate the command) or -1 if an error occurred.
-
-1.8.0b1 July 7, 2010 13
+1.8.0b1 August 12, 2010 13
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ passed to the command, 0 if the data is rejected (which will
+ terminate the command) or -1 if an error occurred.
+
The function arguments are as follows:
buf The buffer containing user input.
The function arguments are as follows:
- buf The buffer containing command output.
-
-
-1.8.0b1 July 7, 2010 14
+1.8.0b1 August 12, 2010 14
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ buf The buffer containing command output.
+
len The length of _\bb_\bu_\bf in bytes.
log_stderr
typedef int (*sudo_conv_t)(int num_msgs,
const struct sudo_conv_message msgs[],
- struct sudo_conv_reply replies[]);
-
-1.8.0b1 July 7, 2010 15
+1.8.0b1 August 12, 2010 15
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ struct sudo_conv_reply replies[]);
+
typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...);
Pointers to the conversation and printf-style functions are passed in
int (*init)(int version, sudo_printf_t plugin_printf,
char *const argv[]);
- The _\bi_\bn_\bi_\bt function is called after _\bs_\bu_\bd_\bo_\be_\br_\bs has been parsed but
- before any policy checks. It returns 1 on success, 0 on failure
-1.8.0b1 July 7, 2010 16
+1.8.0b1 August 12, 2010 16
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ The _\bi_\bn_\bi_\bt function is called after _\bs_\bu_\bd_\bo_\be_\br_\bs has been parsed but
+ before any policy checks. It returns 1 on success, 0 on failure
(or if the plugin is not configured), and -1 if a error occurred.
If an error occurs, the plugin may call the plugin_printf function
with SUDO_CONF_ERROR_MSG to present additional error information to
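Review bot: The context line directly after the re-flowed init paragraph says "-1 if a error occurred"; it should be "an error". The paragraph also distinguishes 0 ("on failure (or if the plugin is not configured)") from -1 without saying how the caller treats the two cases, and a short sentence on that would make the return contract usable.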
plugin_printf
A pointer to a printf-style function that may be used to
- display informational or error message to the user.
+ display informational or error message to the user. Returns
+ the number of characters printed on success and -1 on failure.
argv
A NULL-terminated array of arguments generated from the
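Review bot: The changed line keeps "display informational or error message to the user" in the singular, while the policy plugin entry for the same function says "informational or error messages". Suggest pluralising it here as well, since the line is already being touched to add the return-value sentence.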
_\bV_\be_\br_\bs_\bi_\bo_\bn _\bM_\ba_\bc_\br_\bo_\bs
- /* Sudoers group plugin version major/minor */
- #define GROUP_API_VERSION_MAJOR 1
- #define GROUP_API_VERSION_MINOR 0
- #define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \
- GROUP_API_VERSION_MINOR)
-1.8.0b1 July 7, 2010 17
+
+
+1.8.0b1 August 12, 2010 17
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ /* Sudoers group plugin version major/minor */
+ #define GROUP_API_VERSION_MAJOR 1
+ #define GROUP_API_VERSION_MINOR 0
+ #define GROUP_API_VERSION ((GROUP_API_VERSION_MAJOR << 16) | \
+ GROUP_API_VERSION_MINOR)
/* Getters and setters for group version */
#define GROUP_API_VERSION_GET_MAJOR(v) ((v) >> 16)
-
-
-
-
-
-1.8.0b1 July 7, 2010 18
+1.8.0b1 August 12, 2010 18