/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

* plugins.d/password-prompt.c: Use exit codes from <sysexits.h>.  Do
                               close(STDOUT_FILENO) after writing to
                               check its return code.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "plugin-runner">
6
 
<!ENTITY TIMESTAMP "2008-09-04">
 
5
<!ENTITY TIMESTAMP "2009-01-17">
 
6
<!ENTITY % common SYSTEM "common.ent">
 
7
%common;
7
8
]>
8
9
 
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
    <title>Mandos Manual</title>
12
13
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
13
14
    <productname>Mandos</productname>
14
 
    <productnumber>&VERSION;</productnumber>
 
15
    <productnumber>&version;</productnumber>
15
16
    <date>&TIMESTAMP;</date>
16
17
    <authorgroup>
17
18
      <author>
31
32
    </authorgroup>
32
33
    <copyright>
33
34
      <year>2008</year>
 
35
      <year>2009</year>
34
36
      <holder>Teddy Hogeborn</holder>
35
37
      <holder>Björn Påhlsson</holder>
36
38
    </copyright>
37
39
    <xi:include href="legalnotice.xml"/>
38
40
  </refentryinfo>
39
 
 
 
41
  
40
42
  <refmeta>
41
43
    <refentrytitle>&COMMANDNAME;</refentrytitle>
42
44
    <manvolnum>8mandos</manvolnum>
48
50
      Run Mandos plugins, pass data from first to succeed.
49
51
    </refpurpose>
50
52
  </refnamediv>
51
 
 
 
53
  
52
54
  <refsynopsisdiv>
53
55
    <cmdsynopsis>
54
56
      <command>&COMMANDNAME;</command>
55
57
      <group rep="repeat">
56
58
        <arg choice="plain"><option>--global-env=<replaceable
57
 
        >VAR</replaceable><literal>=</literal><replaceable
 
59
        >ENV</replaceable><literal>=</literal><replaceable
58
60
        >value</replaceable></option></arg>
59
61
        <arg choice="plain"><option>-G
60
 
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
 
62
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
61
63
        >value</replaceable> </option></arg>
62
64
      </group>
63
65
      <sbr/>
170
172
    <variablelist>
171
173
      <varlistentry>
172
174
        <term><option>--global-env
173
 
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
 
175
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
174
176
        >value</replaceable></option></term>
175
177
        <term><option>-G
176
 
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
 
178
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
177
179
        >value</replaceable></option></term>
178
180
        <listitem>
179
181
          <para>
247
249
          </para>
248
250
        </listitem>
249
251
      </varlistentry>
250
 
 
 
252
      
251
253
      <varlistentry>
252
254
        <term><option>--disable
253
255
        <replaceable>PLUGIN</replaceable></option></term>
261
263
          </para>       
262
264
        </listitem>
263
265
      </varlistentry>
264
 
 
 
266
      
265
267
      <varlistentry>
266
268
        <term><option>--enable
267
269
        <replaceable>PLUGIN</replaceable></option></term>
276
278
          </para>
277
279
        </listitem>
278
280
      </varlistentry>
279
 
 
 
281
      
280
282
      <varlistentry>
281
283
        <term><option>--groupid
282
284
        <replaceable>ID</replaceable></option></term>
289
291
          </para>
290
292
        </listitem>
291
293
      </varlistentry>
292
 
 
 
294
      
293
295
      <varlistentry>
294
296
        <term><option>--userid
295
297
        <replaceable>ID</replaceable></option></term>
302
304
          </para>
303
305
        </listitem>
304
306
      </varlistentry>
305
 
 
 
307
      
306
308
      <varlistentry>
307
309
        <term><option>--plugin-dir
308
310
        <replaceable>DIRECTORY</replaceable></option></term>
365
367
          </para>
366
368
        </listitem>
367
369
      </varlistentry>
368
 
 
 
370
      
369
371
      <varlistentry>
370
372
        <term><option>--version</option></term>
371
373
        <term><option>-V</option></term>
377
379
      </varlistentry>
378
380
    </variablelist>
379
381
  </refsect1>
380
 
 
 
382
  
381
383
  <refsect1 id="overview">
382
384
    <title>OVERVIEW</title>
383
385
    <xi:include href="overview.xml"/>
403
405
      code will make this plugin-runner output the password from that
404
406
      plugin, stop any other plugins, and exit.
405
407
    </para>
406
 
 
 
408
    
407
409
    <refsect2 id="writing_plugins">
408
410
      <title>WRITING PLUGINS</title>
409
411
      <para>
416
418
        console.
417
419
      </para>
418
420
      <para>
 
421
        If the password is a single-line, manually entered passprase,
 
422
        a final trailing newline character should
 
423
        <emphasis>not</emphasis> be printed.
 
424
      </para>
 
425
      <para>
419
426
        The plugin will run in the initial RAM disk environment, so
420
427
        care must be taken not to depend on any files or running
421
428
        services not available there.
510
517
    </para>
511
518
  </refsect1>
512
519
  
513
 
<!--   <refsect1 id="bugs"> -->
514
 
<!--     <title>BUGS</title> -->
515
 
<!--     <para> -->
516
 
<!--     </para> -->
517
 
<!--   </refsect1> -->
 
520
  <refsect1 id="bugs">
 
521
    <title>BUGS</title>
 
522
    <para>
 
523
      The <option>--config-file</option> option is ignored when
 
524
      specified from within a configuration file.
 
525
    </para>
 
526
  </refsect1>
518
527
  
519
528
  <refsect1 id="examples">
520
529
    <title>EXAMPLE</title>
562
571
    </informalexample>
563
572
    <informalexample>
564
573
      <para>
565
 
        Run plugins from a different directory and add two
566
 
        options to the <citerefentry><refentrytitle
567
 
        >password-request</refentrytitle>
 
574
        Run plugins from a different directory, read a different
 
575
        configuration file, and add two options to the
 
576
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
568
577
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
569
578
      </para>
570
579
      <para>
571
580
 
572
581
<!-- do not wrap this line -->
573
 
<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>
 
582
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
574
583
 
575
584
      </para>
576
585
    </informalexample>
584
593
      non-privileged.  This user and group is then what all plugins
585
594
      will be started as.  Therefore, the only way to run a plugin as
586
595
      a privileged user is to have the set-user-ID or set-group-ID bit
587
 
      set on the plugin executable files (see <citerefentry>
 
596
      set on the plugin executable file (see <citerefentry>
588
597
      <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
589
598
      </citerefentry>).
590
599
    </para>
618
627
      <manvolnum>8</manvolnum></citerefentry>,
619
628
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
620
629
      <manvolnum>8mandos</manvolnum></citerefentry>,
621
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
630
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
622
631
      <manvolnum>8mandos</manvolnum></citerefentry>
623
632
    </para>
624
633
  </refsect1>