/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-09 08:20:24 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150709082024-eitu9mav45lefl75
mandos-client: Add --dh-params FILE option.

* plugins.d/mandos-client.c: Added --dh-params FILE option.
  (init_gnutls_global): New "dhparamsfilename" argument.  All callers
                        changed.  Read and use Diffie-Hellman
                        parameters from it.  Bug fix:  check for error
                        when opening seckeyfile for the second time.
  (init_gnutls_session): Remove unnecessary call to
                         gnutls_dh_set_prime_bits();
  (main): New variable "dh_params_file".
  (main/argp_options): Added "--dh-params" option.
  (main/parse_opt): - '' -
* plugins.d/mandos-client.xml (SYNOPSIS): Add --dh-params option.
  (OPTIONS): Document --dh-params option and document that the
             --dh-bits options is potentially overridden by the
             --dh-params option.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2008-09-30">
 
5
<!ENTITY TIMESTAMP "2015-06-28">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
 
35
      <year>2009</year>
 
36
      <year>2012</year>
35
37
      <holder>Teddy Hogeborn</holder>
36
38
      <holder>Björn Påhlsson</holder>
37
39
    </copyright>
112
114
      <arg><option>--plugin-dir=<replaceable
113
115
      >DIRECTORY</replaceable></option></arg>
114
116
      <sbr/>
 
117
      <arg><option>--plugin-helper-dir=<replaceable
 
118
      >DIRECTORY</replaceable></option></arg>
 
119
      <sbr/>
115
120
      <arg><option>--config-file=<replaceable
116
121
      >FILE</replaceable></option></arg>
117
122
      <sbr/>
259
264
            Disable the plugin named
260
265
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
261
266
            started.
262
 
          </para>       
 
267
          </para>
263
268
        </listitem>
264
269
      </varlistentry>
265
270
      
318
323
      </varlistentry>
319
324
      
320
325
      <varlistentry>
 
326
        <term><option>--plugin-helper-dir
 
327
        <replaceable>DIRECTORY</replaceable></option></term>
 
328
        <listitem>
 
329
          <para>
 
330
            Specify a different plugin helper directory.  The default
 
331
            is <filename>/lib/mandos/plugin-helpers</filename>, which
 
332
            will exist in the initial <acronym>RAM</acronym> disk
 
333
            environment.  (This will simply be passed to all plugins
 
334
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
 
335
            variable.  See <xref linkend="writing_plugins"/>)
 
336
          </para>
 
337
        </listitem>
 
338
      </varlistentry>
 
339
      
 
340
      <varlistentry>
321
341
        <term><option>--config-file
322
342
        <replaceable>FILE</replaceable></option></term>
323
343
        <listitem>
424
444
      <para>
425
445
        The plugin will run in the initial RAM disk environment, so
426
446
        care must be taken not to depend on any files or running
427
 
        services not available there.
 
447
        services not available there.  Any helper executables required
 
448
        by the plugin (which are not in the <envar>PATH</envar>) can
 
449
        be placed in the plugin helper directory, the name of which
 
450
        will be made available to the plugin via the
 
451
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
428
452
      </para>
429
453
      <para>
430
454
        The plugin must exit cleanly and free all allocated resources
473
497
      only passes on its environment to all the plugins.  The
474
498
      environment passed to plugins can be modified using the
475
499
      <option>--global-env</option> and <option>--env-for</option>
476
 
      options.
 
500
      options.  Also, the <option>--plugin-helper-dir</option> option
 
501
      will affect the environment variable
 
502
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
477
503
    </para>
478
504
  </refsect1>
479
505
  
570
596
    </informalexample>
571
597
    <informalexample>
572
598
      <para>
573
 
        Run plugins from a different directory, read a different
574
 
        configuration file, and add two options to the
 
599
        Read a different configuration file, run plugins from a
 
600
        different directory, specify an alternate plugin helper
 
601
        directory and add two options to the
575
602
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
576
603
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
577
604
      </para>
578
605
      <para>
579
606
 
580
607
<!-- do not wrap this line -->
581
 
<userinput>&COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>
 
608
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
582
609
 
583
610
      </para>
584
611
    </informalexample>
616
643
  <refsect1 id="see_also">
617
644
    <title>SEE ALSO</title>
618
645
    <para>
 
646
      <citerefentry><refentrytitle>intro</refentrytitle>
 
647
      <manvolnum>8mandos</manvolnum></citerefentry>,
619
648
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
620
649
      <manvolnum>8</manvolnum></citerefentry>,
621
650
      <citerefentry><refentrytitle>crypttab</refentrytitle>