
Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 08:41:14 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 372.
  • Revision ID: teddy@recompile.se-20190210084114-u91mijrxtifvzra5
Bug fix: Only create TLS key with certtool, and read correct key file

* debian/mandos-client.postinst (create_keys): Remove any bad keys
                                               created by 1.8.0-1.
                                               Only create TLS keys if
                                               certtool succeeds.
* debian/mandos.postinst (configure): Remove any bad keys from
                                      clients.conf, and inform the
                                      user if any were found.
* debian/mandos.templates (mandos/removed_bad_key_ids): New message.
* mandos (MandosServer.handle_ipc): Do not trust a key_id with a known
                                    bad key ID.
* mandos-keygen (keygen): Only create TLS keys if certtool succeeds.
  (password): Bug fix: Generate key_id correctly, and only output
              key_id if TLS key exists.

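--- a/plugins.d/password-prompt.xml
+++ b/plugins.d/password-prompt.xml
@@ -1,62 +1,52 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "password-prompt">
-<!ENTITY TIMESTAMP "2008-08-29">
+<!ENTITY TIMESTAMP "2019-02-10">
+<!ENTITY % common SYSTEM "../common.ent">
+%common;
 ]>
  
-<refentry>
+<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productnumber>&version;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
+      <year>2019</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
-      
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
-      
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="../legalnotice.xml"/>
   </refentryinfo>
   
   <refmeta>
@@ -73,18 +63,19 @@
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="opt">
-        <arg choice="plain"><option>-p <replaceable
+        <arg choice="plain"><option>--prefix <replaceable
         >PREFIX</replaceable></option></arg>
-        <arg choice="plain"><option>--prefix </option><replaceable
+        <arg choice="plain"><option>-p </option><replaceable
         >PREFIX</replaceable></arg>
       </group>
+      <sbr/>
       <arg choice="opt"><option>--debug</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--help</option></arg>
         <arg choice="plain"><option>-?</option></arg>
-        <arg choice="plain"><option>--help</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
@@ -94,22 +85,24 @@
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--version</option></arg>
         <arg choice="plain"><option>-V</option></arg>
-        <arg choice="plain"><option>--version</option></arg>
       </group>
-    </cmdsynopsis>    
+    </cmdsynopsis>
   </refsynopsisdiv>
   
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       All <command>&COMMANDNAME;</command> does is prompt for a
-      password and output any given password to standard output.  This
-      is not very useful on its own.  This program is really meant to
-      run as a plugin in the <application>Mandos</application>
-      client-side system, where it is used as a fallback and
-      alternative to retriving passwords from a <application
-      >Mandos</application> server.
+      password and output any given password to standard output.
+    </para>
+    <para>
+      This program is not very useful on its own.  This program is
+      really meant to run as a plugin in the <application
+      >Mandos</application> client-side system, where it is used as a
+      fallback and alternative to retrieving passwords from a
+      <application >Mandos</application> server.
     </para>
     <para>
       This program is little more than a <citerefentry><refentrytitle
@@ -133,10 +126,10 @@
     
     <variablelist>
       <varlistentry>
-        <term><option>-p</option> <replaceable>PREFIX</replaceable
-        ></term>
-        <term><option>--prefix=</option><replaceable
-        >PREFIX</replaceable></term>
+        <term><option>--prefix=<replaceable
+        >PREFIX</replaceable></option></term>
+        <term><option>-p
+        <replaceable>PREFIX</replaceable></option></term>
         <listitem>
           <para>
             Prefix string shown before the password prompt.
@@ -156,8 +149,8 @@
       </varlistentry>
       
       <varlistentry>
+        <term><option>--help</option></term>
         <term><option>-?</option></term>
-        <term><option>--help</option></term>
         <listitem>
           <para>
             Gives a help message about options and their meanings.
@@ -175,14 +168,14 @@
       </varlistentry>
       
       <varlistentry>
+        <term><option>--version</option></term>
         <term><option>-V</option></term>
-        <term><option>--version</option></term>
         <listitem>
           <para>
             Prints the program version.
           </para>
         </listitem>
-      </varlistentry>            
+      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -200,8 +193,8 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><envar>cryptsource</envar></term>
-        <term><envar>crypttarget</envar></term>
+        <term><envar>CRYPTTAB_SOURCE</envar></term>
+        <term><envar>CRYPTTAB_NAME</envar></term>
         <listitem>
           <para>
             If set, these environment variables will be assumed to
@@ -215,8 +208,8 @@
           <manvolnum>8mandos</manvolnum></citerefentry>, which will
           normally have inherited them from
           <filename>/scripts/local-top/cryptroot</filename> in the
-          initial RAM disk environment, which will have set them from
-          parsing kernel arguments and
+          initial <acronym>RAM</acronym> disk environment, which will
+          have set them from parsing kernel arguments and
           <filename>/conf/conf.d/cryptroot</filename> (also in the
           initial RAM disk environment), which in turn will have been
           created when the initial RAM disk image was created by
@@ -236,10 +229,8 @@
   
   <refsect1 id="bugs">
     <title>BUGS</title>
-    <para>
-      None are known at this time.
-    </para>
-  </refsect1>  
+    <xi:include href="../bugs.xml"/>
+  </refsect1>
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -261,7 +252,7 @@
       <para>
         Show a prefix before the prompt; in this case, a host name.
         It might be useful to be reminded of which host needs a
-        password, in case of KVM switches, etc.
+        password, in case of <acronym>KVM</acronym> switches, etc.
       </para>
       <para>
  
@@ -291,7 +282,7 @@
       >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
       </citerefentry>, and will, when run standalone, outside, in a
       normal environment, immediately output on its standard output
-      any presumably secret password it just recieved.  Therefore,
+      any presumably secret password it just received.  Therefore,
       when running this program standalone (which should never
       normally be done), take care not to type in any real secret
       password by force of habit, since it would then immediately be
@@ -309,9 +300,11 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>
       <citerefentry><refentrytitle>crypttab</refentrytitle>
       <manvolnum>5</manvolnum></citerefentry>
-      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>
       <citerefentry><refentrytitle>plugin-runner</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,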