From: Todd C. Miller Date: Wed, 24 Feb 2010 11:35:45 +0000 (-0500) Subject: Document debug_level in plugin doc. Still need to document the -D X-Git-Tag: SUDO_1_8_0~868 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9eb3e63c560e4cb58f4ae59007b392298b5d0a60;p=sudo Document debug_level in plugin doc. Still need to document the -D flag in sudo itself. --- diff --git a/doc/sudo_plugin.cat b/doc/sudo_plugin.cat index 092be6ebf..bcf50df0a 100644 --- a/doc/sudo_plugin.cat +++ b/doc/sudo_plugin.cat @@ -1,7 +1,7 @@ -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) SSuuddoo PPlluuggiinn AAPPII @@ -61,13 +61,13 @@ SSuuddoo PPlluuggiinn AAPPII -1.8.0a1 February 21, 2010 1 +1.8.0a1 February 24, 2010 1 -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) struct policy_plugin { @@ -127,13 +127,13 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) -1.8.0a1 February 21, 2010 2 +1.8.0a1 February 24, 2010 2 -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) when running ssuuddoo. As such, they will only be present when the @@ -143,6 +143,10 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) equal sign ('=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. + debug_level=number + A numeric debug level, from 1-9, if specified via the -D + flag. + runas_user=string The user name or uid to to run the command as, if specified via the -u flag. @@ -186,21 +190,21 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SELinux role to use when executing the command, if specified by the -r flag. - selinux_type=string - SELinux type to use when executing the command, if - specified by the -t flag. +1.8.0a1 February 24, 2010 3 -1.8.0a1 February 21, 2010 3 +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) + selinux_type=string + SELinux type to use when executing the command, if + specified by the -t flag. bsdauth_type=string Authentication type, if specified by the -a flag, to use on @@ -251,23 +255,25 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) equal sign ('=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. - close - void (*close)(int exit_status, int error); - The close function is called when the command being run by ssuuddoo - finishes. -1.8.0a1 February 21, 2010 4 +1.8.0a1 February 24, 2010 4 -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) + close + void (*close)(int exit_status, int error); + + The close function is called when the command being run by ssuuddoo + finishes. + The function arguments are as follows: exit_status @@ -316,24 +322,24 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) env_add Additional environment variables specified by the user on the - command line in the form of a NULL-terminated vector of - "name=value" strings. The plugin may reject the command if one - or more variables are not allowed to be set, or it may silently - ignore such variables. - When parsing _e_n_v___a_d_d, the plugin should split on the ffiirrsstt +1.8.0a1 February 24, 2010 5 -1.8.0a1 February 21, 2010 5 +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) + command line in the form of a NULL-terminated vector of + "name=value" strings. The plugin may reject the command if one + or more variables are not allowed to be set, or it may silently + ignore such variables. + When parsing _e_n_v___a_d_d, the plugin should split on the ffiirrsstt equal sign ('=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. @@ -383,23 +389,22 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) noexec=bool If set, prevent the command from executing other programs. - chroot=string - The root directory to use when running the command. - - nice=int - Nice value (priority) to use when executing the command. +1.8.0a1 February 24, 2010 6 -1.8.0a1 February 21, 2010 6 +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) + chroot=string + The root directory to use when running the command. + nice=int + Nice value (priority) to use when executing the command. The nice value, if specified, overrides the priority associated with the _l_o_g_i_n___c_l_a_s_s on BSD systems. @@ -448,24 +453,25 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) policy allows it. If NULL, the plugin should list the privileges of the invoking user. - argc - The number of elements in _a_r_g_v, not counting the final NULL - pointer. - argv - If non-NULL, an argument vector describing a command the user -1.8.0a1 February 21, 2010 7 +1.8.0a1 February 24, 2010 7 -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) + argc + The number of elements in _a_r_g_v, not counting the final NULL + pointer. + + argv + If non-NULL, an argument vector describing a command the user wishes to check against the policy in the same form as what would be passed to the _e_x_e_c_v_e_(_) system call. If the command is permitted by the policy, the fully-qualified path to the @@ -506,6 +512,26 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) plugin should not attempt to read directly from the standard input or the user's tty. + + + + + + + + + + + +1.8.0a1 February 24, 2010 8 + + + + + +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) + + struct sudo_conv_message { #define SUDO_CONV_PROMPT_ECHO_OFF 1 #define SUDO_CONV_PROMPT_ECHO_ON 2 @@ -520,18 +546,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) char *reply; }; - - - -1.8.0a1 February 21, 2010 8 - - - - - -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) - - typedef int (*sudo_conv_t)(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[]); @@ -573,6 +587,17 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) type The type field should always be set to SUDO_IO_PLUGIN + + +1.8.0a1 February 24, 2010 9 + + + + + +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) + + version The version field should be set to SUDO_API_VERSION. @@ -586,18 +611,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) Returns 1 on success, 0 if the command should not be logged and -1 on error. On error, the plugin may optionally call the - - - -1.8.0a1 February 21, 2010 9 - - - - - -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) - - conversation function with SUDO_CONF_ERROR_MSG to present additional error information to the user. @@ -640,30 +653,29 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) See the "Policy Plugin API" section for a list of all possible strings. - user_env - The user's environment in the form of a NULL-terminated vector - of "name=value" strings. - - When parsing _u_s_e_r___e_n_v, the plugin should split on the ffiirrsstt - equal sign ('=') since the _n_a_m_e field will never include one - itself but the _v_a_l_u_e might. - close - void (*close)(int exit_status, int error); - The close function is called when the command being run by ssuuddoo +1.8.0a1 February 24, 2010 10 -1.8.0a1 February 21, 2010 10 +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) + user_env + The user's environment in the form of a NULL-terminated vector + of "name=value" strings. -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) + When parsing _u_s_e_r___e_n_v, the plugin should split on the ffiirrsstt + equal sign ('=') since the _n_a_m_e field will never include one + itself but the _v_a_l_u_e might. + close + void (*close)(int exit_status, int error); + The close function is called when the command being run by ssuuddoo finishes. The function arguments are as follows: @@ -706,29 +718,30 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) log_output int (*log_output)(const char *buf, unsigned int len); - The _l_o_g___o_u_t_p_u_t function is called whenever data can be read from - the command but before it is written to the user's terminal. This - allows the plugin to reject data if it chooses to (for instance if - the input contains banned content). Returns 1 if the data should - be passed to the user, 0 if the data is rejected (which will - terminate the command) or -1 if an error occurred. - The function arguments are as follows: - buf The buffer containing command output. - len The length of _b_u_f in bytes. +1.8.0a1 February 24, 2010 11 + -1.8.0a1 February 21, 2010 11 +SUDO_PLUGIN(8) MAINTENANCE COMMANDS SUDO_PLUGIN(8) + The _l_o_g___o_u_t_p_u_t function is called whenever data can be read from + the command but before it is written to the user's terminal. This + allows the plugin to reject data if it chooses to (for instance if + the input contains banned content). Returns 1 if the data should + be passed to the user, 0 if the data is rejected (which will + terminate the command) or -1 if an error occurred. + The function arguments are as follows: -SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) + buf The buffer containing command output. + len The length of _b_u_f in bytes. UUnnhhaannddlleedd ccoommmmaanndd lliinnee ooppttiioonnss The -L command line option has been deprecated as its output is covered @@ -774,19 +787,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) - - - - - - - - - - - - - -1.8.0a1 February 21, 2010 12 +1.8.0a1 February 24, 2010 12 diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in index 10c17831c..0869f0356 100644 --- a/doc/sudo_plugin.man.in +++ b/doc/sudo_plugin.man.in @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SUDO_PLUGIN @mansectsu@" -.TH SUDO_PLUGIN @mansectsu@ "February 21, 2010" "1.8.0a1" "MAINTENANCE COMMANDS" +.TH SUDO_PLUGIN @mansectsu@ "February 24, 2010" "1.8.0a1" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -253,6 +253,9 @@ When parsing \fIsettings\fR, the plugin should split on the \fBfirst\fR equal sign ('=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .RS 4 +.IP "debug_level=number" 4 +.IX Item "debug_level=number" +A numeric debug level, from 1\-9, if specified via the \f(CW\*(C`\-D\*(C'\fR flag. .IP "runas_user=string" 4 .IX Item "runas_user=string" The user name or uid to to run the command as, if specified via the diff --git a/doc/sudo_plugin.pod b/doc/sudo_plugin.pod index ca9de74ed..9fd20b996 100644 --- a/doc/sudo_plugin.pod +++ b/doc/sudo_plugin.pod @@ -131,6 +131,10 @@ itself but the I might. =over 4 +=item debug_level=number + +A numeric debug level, from 1-9, if specified via the C<-D> flag. + =item runas_user=string The user name or uid to to run the command as, if specified via the