/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-05 07:11:24 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080905071124-9dq11jq5rfd6zfxf
* Makefile: Changed to use symbolic instead of octal modes throughout.
  (KEYDIR): New variable for the key directory.
  (install-server): Bug fix: remove "--parents" from install args.
  (install-client): Bug fix: - '' -  Also create key directory.  Do
                    not chmod plugin dir.  Create custom plugin directory
                    if not the same as normal plugin directory.  Add
                    "--dir" option to "mandos-keygen".  Add note about
                    running "mandos-keygen --password".
  (uninstall-server): Do not depend on the installed server binary,
                      since this made it impossible to do a purge
                      after an uninstall.
  (purge-client): Shred seckey.txt.  Use $(KEYDIR).

* README: Improved wording.

* initramfs-tools-hook: Use a loop to find prefix.  Also find keydir.
                        Remove "${DESTDIR}" from "copy_exec".  Do not
                        try to copy literal "*" if no custom plugins
                        are found.  Copy key files from keydir, not
                        config dir.  Only repair mode on directories
                        that actually exist.  Do not run chmod if
                        nothing needs repairing.

* plugin-runner.conf: New file.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2011-08-08">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-04">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
    <title>Mandos Manual</title>
13
12
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
34
      <holder>Teddy Hogeborn</holder>
38
35
      <holder>Björn Påhlsson</holder>
39
36
    </copyright>
40
37
    <xi:include href="legalnotice.xml"/>
41
38
  </refentryinfo>
42
 
  
 
39
 
43
40
  <refmeta>
44
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
45
42
    <manvolnum>8mandos</manvolnum>
51
48
      Run Mandos plugins, pass data from first to succeed.
52
49
    </refpurpose>
53
50
  </refnamediv>
54
 
  
 
51
 
55
52
  <refsynopsisdiv>
56
53
    <cmdsynopsis>
57
54
      <command>&COMMANDNAME;</command>
58
55
      <group rep="repeat">
59
56
        <arg choice="plain"><option>--global-env=<replaceable
60
 
        >ENV</replaceable><literal>=</literal><replaceable
 
57
        >VAR</replaceable><literal>=</literal><replaceable
61
58
        >value</replaceable></option></arg>
62
59
        <arg choice="plain"><option>-G
63
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
60
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
64
61
        >value</replaceable> </option></arg>
65
62
      </group>
66
63
      <sbr/>
173
170
    <variablelist>
174
171
      <varlistentry>
175
172
        <term><option>--global-env
176
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
173
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
177
174
        >value</replaceable></option></term>
178
175
        <term><option>-G
179
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
176
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
180
177
        >value</replaceable></option></term>
181
178
        <listitem>
182
179
          <para>
250
247
          </para>
251
248
        </listitem>
252
249
      </varlistentry>
253
 
      
 
250
 
254
251
      <varlistentry>
255
252
        <term><option>--disable
256
253
        <replaceable>PLUGIN</replaceable></option></term>
264
261
          </para>       
265
262
        </listitem>
266
263
      </varlistentry>
267
 
      
 
264
 
268
265
      <varlistentry>
269
266
        <term><option>--enable
270
267
        <replaceable>PLUGIN</replaceable></option></term>
279
276
          </para>
280
277
        </listitem>
281
278
      </varlistentry>
282
 
      
 
279
 
283
280
      <varlistentry>
284
281
        <term><option>--groupid
285
282
        <replaceable>ID</replaceable></option></term>
292
289
          </para>
293
290
        </listitem>
294
291
      </varlistentry>
295
 
      
 
292
 
296
293
      <varlistentry>
297
294
        <term><option>--userid
298
295
        <replaceable>ID</replaceable></option></term>
305
302
          </para>
306
303
        </listitem>
307
304
      </varlistentry>
308
 
      
 
305
 
309
306
      <varlistentry>
310
307
        <term><option>--plugin-dir
311
308
        <replaceable>DIRECTORY</replaceable></option></term>
368
365
          </para>
369
366
        </listitem>
370
367
      </varlistentry>
371
 
      
 
368
 
372
369
      <varlistentry>
373
370
        <term><option>--version</option></term>
374
371
        <term><option>-V</option></term>
380
377
      </varlistentry>
381
378
    </variablelist>
382
379
  </refsect1>
383
 
  
 
380
 
384
381
  <refsect1 id="overview">
385
382
    <title>OVERVIEW</title>
386
383
    <xi:include href="overview.xml"/>
406
403
      code will make this plugin-runner output the password from that
407
404
      plugin, stop any other plugins, and exit.
408
405
    </para>
409
 
    
 
406
 
410
407
    <refsect2 id="writing_plugins">
411
408
      <title>WRITING PLUGINS</title>
412
409
      <para>
419
416
        console.
420
417
      </para>
421
418
      <para>
422
 
        If the password is a single-line, manually entered passprase,
423
 
        a final trailing newline character should
424
 
        <emphasis>not</emphasis> be printed.
425
 
      </para>
426
 
      <para>
427
419
        The plugin will run in the initial RAM disk environment, so
428
420
        care must be taken not to depend on any files or running
429
421
        services not available there.
572
564
    </informalexample>
573
565
    <informalexample>
574
566
      <para>
575
 
        Run plugins from a different directory, read a different
576
 
        configuration file, and add two options to the
577
 
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
 
567
        Run plugins from a different directory and add two
 
568
        options to the <citerefentry><refentrytitle
 
569
        >password-request</refentrytitle>
578
570
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
579
571
      </para>
580
572
      <para>
581
573
 
582
574
<!-- do not wrap this line -->
583
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
575
<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>
584
576
 
585
577
      </para>
586
578
    </informalexample>
594
586
      non-privileged.  This user and group is then what all plugins
595
587
      will be started as.  Therefore, the only way to run a plugin as
596
588
      a privileged user is to have the set-user-ID or set-group-ID bit
597
 
      set on the plugin executable file (see <citerefentry>
 
589
      set on the plugin executable files (see <citerefentry>
598
590
      <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
599
591
      </citerefentry>).
600
592
    </para>
618
610
  <refsect1 id="see_also">
619
611
    <title>SEE ALSO</title>
620
612
    <para>
621
 
      <citerefentry><refentrytitle>intro</refentrytitle>
622
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
623
613
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
624
614
      <manvolnum>8</manvolnum></citerefentry>,
625
615
      <citerefentry><refentrytitle>crypttab</refentrytitle>
630
620
      <manvolnum>8</manvolnum></citerefentry>,
631
621
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
632
622
      <manvolnum>8mandos</manvolnum></citerefentry>,
633
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
623
      <citerefentry><refentrytitle>password-request</refentrytitle>
634
624
      <manvolnum>8mandos</manvolnum></citerefentry>
635
625
    </para>
636
626
  </refsect1>