diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 13:14:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 13:14:46 +0000 |
commit | 025c439e829e0db9ac511cd9c1b8d5fd53475ead (patch) | |
tree | fa6986b4690f991613ffb97cea1f6942427baf5d /src/intercept.proto | |
parent | Initial commit. (diff) | |
download | sudo-025c439e829e0db9ac511cd9c1b8d5fd53475ead.tar.xz sudo-025c439e829e0db9ac511cd9c1b8d5fd53475ead.zip |
Adding upstream version 1.9.15p5.upstream/1.9.15p5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/intercept.proto | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/src/intercept.proto b/src/intercept.proto new file mode 100644 index 0000000..53a068a --- /dev/null +++ b/src/intercept.proto @@ -0,0 +1,71 @@ +syntax = "proto3"; + +/* + * Intercept message from sudo_intercept.so. Messages on the + * wire are prefixed with a 32-bit size in network byte order. + */ +message InterceptRequest { + oneof type { + PolicyCheckRequest policy_check_req = 1; + InterceptHello hello = 2; + } +} + +/* + * Hello message from sudo_intercept.so to main sudo process. + * Sudo sends back the token and localhost port number. + */ +message InterceptHello { + int32 pid = 1; +} + +/* + * Sudo response to an InterceptHello from sudo_intercept.so. + * The client uses the port number and token to connect back to sudo. + * If log_only is set there is no InterceptResponse to a PolicyCheckRequest. + */ +message HelloResponse { + fixed64 token_lo = 1; + fixed64 token_hi = 2; + int32 portno = 3; + bool log_only = 4; +} + +/* + * Policy check request from sudo_intercept.so. + * Note that the plugin API only currently supports passing + * the new environment in to the open() function. + */ +message PolicyCheckRequest { + string command = 1; + string cwd = 2; + repeated string argv = 3; + repeated string envp = 4; + int32 intercept_fd = 5; +} + +message PolicyAcceptMessage { + string run_command = 1; + repeated string run_argv = 2; + repeated string run_envp = 3; +} + +message PolicyRejectMessage { + string reject_message = 1; +} + +message PolicyErrorMessage { + string error_message = 1; +} + +/* + * Response sent back to sudo_intercept.so. + */ +message InterceptResponse { + oneof type { + HelloResponse hello_resp = 1; + PolicyAcceptMessage accept_msg = 2; + PolicyRejectMessage reject_msg = 3; + PolicyErrorMessage error_msg = 4; + } +} |