4 Plugins are a way to extend vlock's functionality. They can define
5 hooks that are called at certain points in a vlock session.
7 There are two separate types of plugins: modules and scripts. Modules
8 are shared objects that are loaded into vlock's address space. They run
9 with the same privileges as vlock and thus are very powerful but also
10 dangerous. Scripts may be any kind of executables located in vlock's
11 script directory. They are run in separate processes with lowered
12 privileges, i.e. the same as the user who started vlock.
14 For simple tasks scripts should be preferred over modules. They are
15 easier to develop and test and have a lower impact on security and
21 Plugins may depend on each other in several ways. There are six
22 different types of dependencies. Each dependency type is represented by
23 a list of plugin names. The way of declaring them is different for
24 modules and scripts but their names and meaning are the same.
26 Resolving the dependencies is done after all initially requested plugins
27 are loaded and may fail if dependencies cannot be met.
29 The names and meaning of the dependencies are as follows:
32 The plugins listed here must be loaded for the declaring plugin to
33 work. If any of the plugins is not loaded yet it will be loaded
34 automatically. Dependency resolving fails if a plugin cannot be
38 The plugins listed here must be loaded for the declaring plugin to
39 work. Dependency resolving fails if any of the plugins listed here is
43 The plugins listed here must be loaded for the declaring plugin to
44 work. If any of the plugins listed here is not loaded the declaring
45 plugin is automatically unloaded. Dependency resolving fails if the
46 declaring plugin is already required by some other plugin.
49 The plugins listed here must not be loaded at the same time as the
50 declaring plugin. Dependency resolving fails if any of the plugins
51 listed here is loaded.
53 The other two dependencies are used to specify the order of the plugins:
56 The plugins listed here must come after the declaring plugin.
59 The plugins listed here must come before the declaring plugin.
61 Sorting the plugins may fail if the "preceeds" and "succeeds"
62 dependencies introduce circles.
67 There are four different hooks that plugins may declare:
70 This hook is called once immediately after vlock is initialized and
71 before any authentication prompt. If a plugin signals an error in
72 this hook vlock aborts and calls the vlock_end hooks of all previously
76 This hook is called once after successful authentication or if vlock
77 is killed by SIGTERM. Errors in this hook are ignored.
80 This hook is called after the vlock message is displayed every time
81 the timeout expires or the escape key is pressed. If a plugin signals
82 an error in this hook its vlock_save_abort hook is called and both
83 hooks are not called again afterwards.
86 This hook is called after vlock_save was called and any key was
87 pressed. If a plugin signals an error in this hook both this hook and
88 the vlock_save hook are not called again.
90 Note: Hooks should not block. Screensavers should be executed in a
91 background process or thread. The only exception would be hooks that
92 suspend the machine (though these technically do not block in the common
98 Modules are shared objects that are loaded into vlock's address space.
99 They export hook functions and dependencies as global functions. To
100 ensure definitions modules should include vlock_plugin.h from the module
101 subdirectory of the vlock source distribution.
106 Dependencies are declared as NULL terminated arrays of const char
107 pointers. Empty lists can be just left out. Example::
110 const char *preceeds[] = { "new", "all", NULL };
111 const char *depends[] = { "all", NULL };
116 Hooks are boolean functions that take a void pointer pointer. Their
117 return status indicates success or failure. The argument points to a
118 void pointer that may be set freely. It may be used to maintain state
119 between the different hooks. It is initialized to NULL. Hook functions
120 must not block and not terminate the program. On error they may print
121 the cause of the error to stderr in addition to returning false.
126 Please see modules/example_module.c in the vlock source distribution.
131 Scripts are executables that are started as child processes of vlock.
132 They run with the same privileges as the user starting vlock instead of
133 the privileges of the vlock process. They communicate with vlock
134 through command line arguments and pipes.
139 To get the dependencies of a script it is run once for each dependency
140 item with the dependency name as the single command line argument. Its
141 standard output is redirected to a pipe that is read by vlock. The
142 plugin should print the dependency items, if any, separated by arbitrary
143 white space (carriage return, space or newline) and then exit. No
144 errors are detected in this process.
149 After the dependencies are read the script is run one last time this
150 time with the string "hooks" as the single command line argument. Its
151 standard input is redirected from a pipe that is written to by vlock.
152 Whenever a hook should be executed its name followed by a new line
153 character are written to the pipe. The script's standard output and
154 standard error are redirected to /dev/null. The script should only exit
155 if end-of-file is detected on standard in even in cases where no
156 subsequent hooks need to be executed. Error detection is limited to
157 detecting if the script exits prematurely. There is currently no way
158 for a script what kind of error happened.
163 Please see scripts/example_script.sh in the vlock source distribution.