authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:37:38 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:37:38 +0000
commitae581a19fbe896a797450b9d9573fb66f2735227 (patch)
tree56c40be8518a29c9351364d13a9676aa83932dc0 /src/intercept.proto
parentInitial commit. (diff)
Adding upstream version 1.9.13p3.upstream/1.9.13p3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/intercept.proto')
-rw-r--r--src/intercept.proto71
1 files changed, 71 insertions, 0 deletions
diff --git a/src/intercept.proto b/src/intercept.proto
new file mode 100644
index 0000000..53a068a
--- /dev/null
+++ b/src/intercept.proto
@@ -0,0 +1,71 @@
+syntax = "proto3";
+
+/*
+ * Intercept message from sudo_intercept.so. Messages on the
+ * wire are prefixed with a 32-bit size in network byte order.
+ */
+message InterceptRequest {
+ oneof type {
+ PolicyCheckRequest policy_check_req = 1;
+ InterceptHello hello = 2;
+ }
+}
+
+/*
+ * Hello message from sudo_intercept.so to main sudo process.
+ * Sudo sends back the token and localhost port number.
+ */
+message InterceptHello {
+ int32 pid = 1;
+}
+
+/*
+ * Sudo response to an InterceptHello from sudo_intercept.so.
+ * The client uses the port number and token to connect back to sudo.
+ * If log_only is set there is no InterceptResponse to a PolicyCheckRequest.
+ */
+message HelloResponse {
+ fixed64 token_lo = 1;
+ fixed64 token_hi = 2;
+ int32 portno = 3;
+ bool log_only = 4;
+}
+
+/*
+ * Policy check request from sudo_intercept.so.
+ * Note that the plugin API only currently supports passing
+ * the new environment in to the open() function.
+ */
+message PolicyCheckRequest {
+ string command = 1;
+ string cwd = 2;
+ repeated string argv = 3;
+ repeated string envp = 4;
+ int32 intercept_fd = 5;
+}
+
+message PolicyAcceptMessage {
+ string run_command = 1;
+ repeated string run_argv = 2;
+ repeated string run_envp = 3;
+}
+
+message PolicyRejectMessage {
+ string reject_message = 1;
+}
+
+message PolicyErrorMessage {
+ string error_message = 1;
+}
+
+/*
+ * Response sent back to sudo_intercept.so.
+ */
+message InterceptResponse {
+ oneof type {
+ HelloResponse hello_resp = 1;
+ PolicyAcceptMessage accept_msg = 2;
+ PolicyRejectMessage reject_msg = 3;
+ PolicyErrorMessage error_msg = 4;
+ }
+}
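Review bot: The fields that carry the connect-back credentials in `HelloResponse` are undocumented: nothing says that `token_lo` and `token_hi` are two halves of one secret, or what range `portno` may take. A localhost port is presumably reachable by any local process, so the token looks like the only thing that authenticates the client; I would add `// token_lo/token_hi: halves of one 128-bit secret token; the receiver must check both` and `// portno: localhost port, valid range 1-65535` above those fields. The header comment on `InterceptRequest` says each message is prefixed with a 32-bit size, and it should also state that the receiver must reject a size above a fixed maximum before allocating, since the prefix is supplied by the peer. In `PolicyCheckRequest`, `command`, `cwd`, `argv` and `envp` are declared `string`, which proto3 defines as valid UTF-8, while Unix paths and environment values are arbitrary bytes; `bytes` would describe them more accurately, and it is worth confirming how the parser in use treats non-UTF-8 input.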