-1.8.0a1 May 5, 2010 1
+1.8.0a1 May 13, 2010 1
const char *list_user);
int (*validate)(void);
void (*invalidate)(int remove);
+ int (*check_sudoedit)(int argc, char * const argv[],
+ char *env_add[], char **command_info[],
+ char **argv_out[], char **user_env_out[]);
};
The policy_plugin struct has the following fields:
A pointer to the conversation function that can be used by the
plugin to interact with the user (see below).
- plugin_printf
- A pointer to a printf-style function that may be used to
-
-1.8.0a1 May 5, 2010 2
+1.8.0a1 May 13, 2010 2
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ plugin_printf
+ A pointer to a printf-style function that may be used to
display informational or error messages (see below).
settings
from the check_policy function, which will cause s\bsu\bud\bdo\bo to
print a usage message and exit.
- preserve_groups=bool
- Set to true if the user specified the -P flag, indicating
- that the user wishes to preserve the group vector instead
-1.8.0a1 May 5, 2010 3
+
+1.8.0a1 May 13, 2010 3
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ preserve_groups=bool
+ Set to true if the user specified the -P flag, indicating
+ that the user wishes to preserve the group vector instead
of setting it based on the runas user.
ignore_ticket=bool
uid=uid_t
The real user ID of the user invoking s\bsu\bud\bdo\bo.
- gid=gid_t
- The real group ID of the user invoking s\bsu\bud\bdo\bo.
-
-1.8.0a1 May 5, 2010 4
+1.8.0a1 May 13, 2010 4
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ gid=gid_t
+ The real group ID of the user invoking s\bsu\bud\bdo\bo.
+
groups=list
The user's supplementary group list formatted as a string
of comma-separated group IDs.
If the command could not be executed, this is set to the value
of errno set by the _\be_\bx_\be_\bc_\bv_\be(2) system call. The plugin is
responsible for displaying error information via the
- conversation or plugin_printf function. If the command was
- successfully executed, the value of error is 0.
-
-1.8.0a1 May 5, 2010 5
+1.8.0a1 May 13, 2010 5
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ conversation or plugin_printf function. If the command was
+ successfully executed, the value of error is 0.
+
show_version
int (*show_version)(int verbose);
execution environment when running a command. The plugin is
responsible for creating and populating the vector, which must
be terminated with a NULL pointer. The following values are
- recognized by s\bsu\bud\bdo\bo:
-
-
-1.8.0a1 May 5, 2010 6
+1.8.0a1 May 13, 2010 6
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ recognized by s\bsu\bud\bdo\bo:
+
command=string
Fully qualified path to the command to be executed.
selinux_role=string
SELinux role to use when executing the command.
- selinux_type=string
- SELinux type to use when executing the command.
-1.8.0a1 May 5, 2010 7
+1.8.0a1 May 13, 2010 7
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ selinux_type=string
+ SELinux type to use when executing the command.
+
timeout=int
Command timeout. If non-zero then when the timeout expires
the command will be killed.
validate
int (*validate)(void);
- The validate function is called when s\bsu\bud\bdo\bo is run with the -v flag.
- For policy plugins such as _\bs_\bu_\bd_\bo_\be_\br_\bs that cache authentication
-
-1.8.0a1 May 5, 2010 8
+1.8.0a1 May 13, 2010 8
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+ The validate function is called when s\bsu\bud\bdo\bo is run with the -v flag.
+ For policy plugins such as _\bs_\bu_\bd_\bo_\be_\br_\bs that cache authentication
credentials, this function will validate and cache the credentials.
The validate function should be NULL if the plugin does not support
The invalidate function should be NULL if the plugin does not
support credential caching.
+ check_sudoedit
+ int (*check_sudoedit)(int argc, char * const argv[]
+ char *env_add[], char **command_info[],
+ char **argv_out[], char **user_env_out[]);
+
+ The _\bc_\bh_\be_\bc_\bk_\b__\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt function is called instead of _\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by when
+ s\bsu\bud\bdo\bo is invoked as s\bsu\bud\bdo\boe\bed\bdi\bit\bt or with the -e flag. s\bsu\bud\bdo\boe\bed\bdi\bit\bt is a
+ mechanism for editing one or more files where the user's editor is
+ run with the user's credentials instead of elevated privileges.
+ s\bsu\bud\bdo\bo does this by creating user-writable temporary copies of the
+ files to be edited and then overwriting the originals with the
+ temporary copies after editing is complete.
+
+ The plugin should choose the editor to be used, potentially from a
+ variable in the user's environment, and include it in _\ba_\br_\bg_\bv_\b__\bo_\bu_\bt.
+ The files to be edited should be copied from _\ba_\br_\bg_\bv into _\ba_\br_\bg_\bv_\b__\bo_\bu_\bt,
+ separated from the editor and its arguments by a "--" element. The
+ "--" will be removed by s\bsu\bud\bdo\bo before the editor is executed.
+
+ Returns 1 if the command is allowed, 0 if not allowed, -1 for a
+ general error, or -2 for a usage error. In the latter case, s\bsu\bud\bdo\bo
+ will print a usage message before it exits. If an error occurs,
+ the plugin may optionally call the conversation or plugin_printf
+ function with SUDO_CONF_ERROR_MSG to present additional error
+ information to the user.
+
+ The function arguments are the same as for _\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by.
+
_\bC_\bo_\bn_\bv_\be_\br_\bs_\ba_\bt_\bi_\bo_\bn _\bA_\bP_\bI
+
+
+
+1.8.0a1 May 13, 2010 9
+
+
+
+
+
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+
If the plugin needs to interact with the user, it may do so via the
conversation function. A plugin should not attempt to read directly
from the standard input or the user's tty (neither of which are
typedef int (*sudo_printf_t)(int msg_type, const char *fmt, ...);
-
-
-
-1.8.0a1 May 5, 2010 9
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
Pointers to the conversation and printf-style functions are passed in
to the plugin's open function when the plugin is initialized.
usage.
I\bI/\b/O\bO P\bPl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
+
+
+
+
+
+
+
+
+1.8.0a1 May 13, 2010 10
+
+
+
+
+
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+
struct io_plugin {
#define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */
The io_plugin struct has the following fields:
-
-
-1.8.0a1 May 5, 2010 10
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
type
The type field should always be set to SUDO_IO_PLUGIN
_\bs_\bh_\bo_\bw_\b__\bv_\be_\br_\bs_\bi_\bo_\bn functions are called. It is only called if the
version is being requested or the _\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by function has
returned successfully. It returns 1 on success, 0 on failure, -1
+
+
+
+1.8.0a1 May 13, 2010 11
+
+
+
+
+
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+
if a general error occurred, or -2 if there was a usage error. In
the latter case, s\bsu\bud\bdo\bo will print a usage message before it exits.
If an error occurs, the plugin may optionally call the conversation
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
-
-
-
-1.8.0a1 May 5, 2010 11
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
See the "Policy Plugin API" section for a list of all possible
settings.
The user's environment in the form of a NULL-terminated vector
of "name=value" strings.
+
+
+1.8.0a1 May 13, 2010 12
+
+
+
+
+
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+
When parsing _\bu_\bs_\be_\br_\b__\be_\bn_\bv, the plugin should split on the f\bfi\bir\brs\bst\bt
equal sign ('=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
int (*log_ttyin)(const char *buf, unsigned int len);
The _\bl_\bo_\bg_\b__\bt_\bt_\by_\bi_\bn function is called whenever data can be read from the
-
-
-
-1.8.0a1 May 5, 2010 12
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
user but before it is passed to the running command. This allows
the plugin to reject data if it chooses to (for instance if the
input contains banned content). Returns 1 if the data should be
the command but before it is written to the user's terminal. This
allows the plugin to reject data if it chooses to (for instance if
the output contains banned content). Returns 1 if the data should
+
+
+
+1.8.0a1 May 13, 2010 13
+
+
+
+
+
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+
be passed to the user, 0 if the data is rejected (which will
terminate the command) or -1 if an error occurred.
output. This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content). Returns 1 if
the data should be passed to the user, 0 if the data is rejected
-
-
-
-1.8.0a1 May 5, 2010 13
-
-
-
-
-
-SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
-
-
(which will terminate the command) or -1 if an error occurred.
The function arguments are as follows:
data should be passed to the user, 0 if the data is rejected (which
will terminate the command) or -1 if an error occurred.
+
+
+
+1.8.0a1 May 13, 2010 14
+
+
+
+
+
+SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
+
+
The function arguments are as follows:
buf The buffer containing command output.
-1.8.0a1 May 5, 2010 14
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1.8.0a1 May 13, 2010 15
.\" ========================================================================
.\"
.IX Title "SUDO_PLUGIN @mansectsu@"
-.TH SUDO_PLUGIN @mansectsu@ "May 5, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
+.TH SUDO_PLUGIN @mansectsu@ "May 13, 2010" "1.8.0a1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
\& const char *list_user);
\& int (*validate)(void);
\& void (*invalidate)(int remove);
+\& int (*check_sudoedit)(int argc, char * const argv[],
+\& char *env_add[], char **command_info[],
+\& char **argv_out[], char **user_env_out[]);
\& };
.Ve
.PP
.Sp
The \f(CW\*(C`invalidate\*(C'\fR function should be \f(CW\*(C`NULL\*(C'\fR if the plugin does not
support credential caching.
+.IP "check_sudoedit" 4
+.IX Item "check_sudoedit"
+.Vb 3
+\& int (*check_sudoedit)(int argc, char * const argv[]
+\& char *env_add[], char **command_info[],
+\& char **argv_out[], char **user_env_out[]);
+.Ve
+.Sp
+The \fIcheck_sudoedit\fR function is called instead of \fIcheck_policy\fR
+when \fBsudo\fR is invoked as \fBsudoedit\fR or with the \f(CW\*(C`\-e\*(C'\fR flag.
+\&\fBsudoedit\fR is a mechanism for editing one or more files where the
+user's editor is run with the user's credentials instead of elevated
+privileges. \fBsudo\fR does this by creating user-writable temporary
+copies of the files to be edited and then overwriting the originals
+with the temporary copies after editing is complete.
+.Sp
+The plugin should choose the editor to be used, potentially from a
+variable in the user's environment, and include it in \fIargv_out\fR.
+The files to be edited should be copied from \fIargv\fR into \fIargv_out\fR,
+separated from the editor and its arguments by a \f(CW"\-\-"\fR element.
+The \f(CW"\-\-"\fR will be removed by \fBsudo\fR before the editor is executed.
+.Sp
+Returns 1 if the command is allowed, 0 if not allowed, \-1 for a
+general error, or \-2 for a usage error. In the latter case, \fBsudo\fR
+will print a usage message before it exits. If an error occurs,
+the plugin may optionally call the conversation or plugin_printf
+function with \f(CW\*(C`SUDO_CONF_ERROR_MSG\*(C'\fR to present additional error
+information to the user.
+.Sp
+The function arguments are the same as for \fIcheck_policy\fR.
.PP
\fIConversation \s-1API\s0\fR
.IX Subsection "Conversation API"
const char *list_user);
int (*validate)(void);
void (*invalidate)(int remove);
+ int (*check_sudoedit)(int argc, char * const argv[],
+ char *env_add[], char **command_info[],
+ char **argv_out[], char **user_env_out[]);
};
The policy_plugin struct has the following fields:
The C<invalidate> function should be C<NULL> if the plugin does not
support credential caching.
+=item check_sudoedit
+
+ int (*check_sudoedit)(int argc, char * const argv[]
+ char *env_add[], char **command_info[],
+ char **argv_out[], char **user_env_out[]);
+
+The I<check_sudoedit> function is called instead of I<check_policy>
+when B<sudo> is invoked as B<sudoedit> or with the C<-e> flag.
+B<sudoedit> is a mechanism for editing one or more files where the
+user's editor is run with the user's credentials instead of elevated
+privileges. B<sudo> does this by creating user-writable temporary
+copies of the files to be edited and then overwriting the originals
+with the temporary copies after editing is complete.
+
+The plugin should choose the editor to be used, potentially from a
+variable in the user's environment, and include it in I<argv_out>.
+The files to be edited should be copied from I<argv> into I<argv_out>,
+separated from the editor and its arguments by a C<"--"> element.
+The C<"--"> will be removed by B<sudo> before the editor is executed.
+
+Returns 1 if the command is allowed, 0 if not allowed, -1 for a
+general error, or -2 for a usage error. In the latter case, B<sudo>
+will print a usage message before it exits. If an error occurs,
+the plugin may optionally call the conversation or plugin_printf
+function with C<SUDO_CONF_ERROR_MSG> to present additional error
+information to the user.
+
+The function arguments are the same as for I<check_policy>.
+
=back
=head3 Conversation API
projects / sudo / commitdiff