isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mention plugins in the sudo manual and add some missing path

Browse Source 
substitution in the sudo_plugin manual.
This commit is contained in:
Todd C. Miller
2010-06-09 12:26:37 -04:00
parent 474392821e
commit 9d09966aad
6 changed files with 248 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
doc/sudo_plugin.man.in
View File

@@ -151,7 +151,7 @@ for policy and session logging. By default, the \fIsudoers\fR policy
plugin and an associated I/O logging plugin are used. Via the plugin
\&\s-1API\s0, \fBsudo\fR can be configured to use alternate policy and/or I/O
logging plugins provided by third parties. The plugins to be used
are specified via the \fI/etc/sudo.conf\fR file.
are specified via the \fI@sysconfdir@/sudo.conf\fR file.
.PP
The \s-1API\s0 is versioned with a major and minor number. The minor
version number is incremented when additions are made. The major
@@ -162,7 +162,7 @@ major version matches.
The plugin \s-1API\s0 is defined by the \f(CW\*(C`sudo_plugin.h\*(C'\fR header file.
.SS "The sudo.conf File"
.IX Subsection "The sudo.conf File"
The \fI/etc/sudo.conf\fR file contains plugin configuration directives.
The \fI@sysconfdir@/sudo.conf\fR file contains plugin configuration directives.
Currently, the only supported keyword is the \f(CW\*(C`Plugin\*(C'\fR directive,
which causes a plugin plugin to be loaded.
.PP
@@ -171,8 +171,8 @@ A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is
relative to the \f(CW$prefix\fR/libexec directory where the prefix is
specified at build time (/usr/local by default).
relative to the \fI@prefix@/libexec\fR directory. Any additional parameters
after the \fIpath\fR are ignored.
.PP
The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid
@@ -180,16 +180,17 @@ different symbol name. The shared object file must be owned by uid
from composite policies, only a single policy plugin may be specified.
This limitation does not apply to I/O plugins.
.PP
.Vb 12
.Vb 10
\& #
\& # Default /etc/sudo.conf file
\& # Default @sysconfdir@/sudo.conf file
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
\& #
\& # The plugin_path relative to prefix/libexec unless fully qualified
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
\& # The plugin_name corresponds to a global symbol in the plugin
\& # that contains the plugin interface.
\& # that contains the plugin interface structure.
\& #
\& Plugin policy_plugin sudoers.so
\& Plugin io_plugin sudoers.so
@@ -199,7 +200,7 @@ This limitation does not apply to I/O plugins.
A policy plugin must declare and populate a \f(CW\*(C`policy_plugin\*(C'\fR struct
in the global scope. This structure contains pointers to the functions
that implement the \fBsudo\fR policy checks. The name of the symbol should
be specified in \fI/etc/sudo.conf\fR along with a path to the plugin
be specified in \fI@sysconfdir@/sudo.conf\fR along with a path to the plugin
so that \fBsudo\fR can load it.
.PP
.Vb 10