/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-05-23 20:18:34 UTC
  • mto: (237.7.304 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150523201834-e89ex4ito93yni8x
mandos: Use multiprocessing module to run checkers.

For a long time, the Mandos server has occasionally logged the message
"ERROR: Child process vanished".  This was never a fatal error, but it
has been annoying and slightly worrying, since a definite cause was
not found.  One potential cause could be the "multiprocessing" and
"subprocess" modules conflicting w.r.t. SIGCHLD.  To avoid this,
change the running of checkers from using subprocess.Popen
asynchronously to instead first create a multiprocessing.Process()
(which is asynchronous) calling a function, and have that function
then call subprocess.call() (which is synchronous).  In this way, the
only thing using any asynchronous subprocesses is the multiprocessing
module.

This makes it necessary to change one small thing in the D-Bus API,
since the subprocesses.call() function does not expose the raw wait(2)
status value.

DBUS-API (CheckerCompleted): Change the second value provided by this
                             D-Bus signal from the raw wait(2) status
                             to the actual terminating signal number.
mandos (subprocess_call_pipe): New function to be called by
                               multiprocessing.Process (starting a
                               separate process).
(Client.last_checker signal): New attribute for signal which
                              terminated last checker.  Like
                              last_checker_status, only not accessible
                              via D-Bus.
(Client.checker_callback): Take new "connection" argument and use it
                           to get returncode; set last_checker_signal.
                           Return False so gobject does not call this
                           callback again.
(Client.start_checker): Start checker using a multiprocessing.Process
                        instead of a subprocess.Popen.
(ClientDBus.checker_callback): Take new "connection" argument.        Call
                               Client.checker_callback early to have
                               it set last_checker_status and
                               last_checker_signal; use those.  Change
                               second value provided to D-Bus signal
                               CheckerCompleted to use
                               last_checker_signal if checker was
                               terminated by signal.
mandos-monitor: Update to reflect DBus API change.
(MandosClientWidget.checker_completed): Take "signal" instead of
                                        "condition" argument.  Use it
                                        accordingly.  Remove dead code
                                        (os.WCOREDUMP case).

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "password-prompt">
5
 
<!ENTITY TIMESTAMP "2019-07-27">
 
5
<!ENTITY TIMESTAMP "2012-01-01">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
36
      <year>2011</year>
38
37
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
 
      <year>2019</year>
46
38
      <holder>Teddy Hogeborn</holder>
47
39
      <holder>Björn Påhlsson</holder>
48
40
    </copyright>
69
61
        >PREFIX</replaceable></arg>
70
62
      </group>
71
63
      <sbr/>
72
 
      <arg choice="opt">
73
 
        <option>--prompt <replaceable>PROMPT</replaceable></option>
74
 
      </arg>
75
64
      <arg choice="opt"><option>--debug</option></arg>
76
65
    </cmdsynopsis>
77
66
    <cmdsynopsis>
113
102
      wrapper, although actual use of that function is not guaranteed
114
103
      or implied.
115
104
    </para>
116
 
    <para>
117
 
      This program tries to detect if a Plymouth daemon
118
 
      (<citerefentry><refentrytitle
119
 
      >plymouthd</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
120
 
      is running, by looking for a
121
 
      <filename>/run/plymouth/pid</filename> file or a process named
122
 
      <quote><literal>plymouthd</literal></quote>.  If it is detected,
123
 
      this process will immediately exit without doing anything.
124
 
    </para>
125
105
  </refsect1>
126
106
  
127
107
  <refsect1 id="options">
150
130
      </varlistentry>
151
131
      
152
132
      <varlistentry>
153
 
        <term><option>--prompt=<replaceable
154
 
        >PROMPT</replaceable></option></term>
155
 
        <listitem>
156
 
          <para>
157
 
            The password prompt.  Using this option will make this
158
 
            program ignore the <envar>CRYPTTAB_SOURCE</envar> and
159
 
            <envar>CRYPTTAB_NAME</envar> environment variables.
160
 
          </para>
161
 
        </listitem>
162
 
      </varlistentry>
163
 
      
164
 
      <varlistentry>
165
133
        <term><option>--debug</option></term>
166
134
        <listitem>
167
135
          <para>
221
189
        <term><envar>CRYPTTAB_NAME</envar></term>
222
190
        <listitem>
223
191
          <para>
224
 
            If set, and if the <option>--prompt</option> option is not
225
 
            used, these environment variables will be assumed to
 
192
            If set, these environment variables will be assumed to
226
193
            contain the source device name and the target device
227
194
            mapper name, respectively, and will be shown as part of
228
195
            the prompt.
230
197
        <para>
231
198
          These variables will normally be inherited from
232
199
          <citerefentry><refentrytitle>plugin-runner</refentrytitle>
233
 
          <manvolnum>8mandos</manvolnum></citerefentry>, which might
234
 
          have in turn inherited them from its calling process.
 
200
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
 
201
          normally have inherited them from
 
202
          <filename>/scripts/local-top/cryptroot</filename> in the
 
203
          initial <acronym>RAM</acronym> disk environment, which will
 
204
          have set them from parsing kernel arguments and
 
205
          <filename>/conf/conf.d/cryptroot</filename> (also in the
 
206
          initial RAM disk environment), which in turn will have been
 
207
          created when the initial RAM disk image was created by
 
208
          <filename
 
209
          >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
 
210
          extracting the information of the root file system from
 
211
          <filename >/etc/crypttab</filename>.
235
212
        </para>
236
213
        <para>
237
214
          This behavior is meant to exactly mirror the behavior of
238
 
          <command>askpass</command>, the default password prompter
239
 
          from initramfs-tools.
 
215
          <command>askpass</command>, the default password prompter.
240
216
        </para>
241
217
        </listitem>
242
218
      </varlistentry>
245
221
  
246
222
  <refsect1 id="bugs">
247
223
    <title>BUGS</title>
248
 
    <xi:include href="../bugs.xml"/>
 
224
    <para>
 
225
      None are known at this time.
 
226
    </para>
249
227
  </refsect1>
250
228
  
251
229
  <refsect1 id="example">
317
295
    <title>SEE ALSO</title>
318
296
    <para>
319
297
      <citerefentry><refentrytitle>intro</refentrytitle>
320
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
298
      <manvolnum>8mandos</manvolnum></citerefentry>
 
299
      <citerefentry><refentrytitle>crypttab</refentrytitle>
 
300
      <manvolnum>5</manvolnum></citerefentry>
321
301
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
322
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
302
      <manvolnum>8mandos</manvolnum></citerefentry>
323
303
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
324
304
      <manvolnum>8mandos</manvolnum></citerefentry>,
325
 
      <citerefentry><refentrytitle>plymouthd</refentrytitle>
326
 
      <manvolnum>8</manvolnum></citerefentry>
327
305
    </para>
328
306
  </refsect1>
329
307
</refentry>