/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Björn Påhlsson
  • Date: 2008-09-03 21:18:05 UTC
  • mto: (237.7.1 mandos) (24.1.154 mandos)
  • mto: This revision was merged to the branch mainline in revision 153.
  • Revision ID: belorn@braxen-20080903211805-2evlp1ooipx0rr8f
added some comments about security

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2011-10-05">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-02">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
    <title>Mandos Manual</title>
13
12
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
19
18
        <firstname>Björn</firstname>
20
19
        <surname>Påhlsson</surname>
21
20
        <address>
22
 
          <email>belorn@recompile.se</email>
 
21
          <email>belorn@fukt.bsnet.se</email>
23
22
        </address>
24
23
      </author>
25
24
      <author>
26
25
        <firstname>Teddy</firstname>
27
26
        <surname>Hogeborn</surname>
28
27
        <address>
29
 
          <email>teddy@recompile.se</email>
 
28
          <email>teddy@fukt.bsnet.se</email>
30
29
        </address>
31
30
      </author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
34
      <holder>Teddy Hogeborn</holder>
38
35
      <holder>Björn Påhlsson</holder>
39
36
    </copyright>
40
37
    <xi:include href="legalnotice.xml"/>
41
38
  </refentryinfo>
42
 
  
 
39
 
43
40
  <refmeta>
44
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
45
42
    <manvolnum>8mandos</manvolnum>
48
45
  <refnamediv>
49
46
    <refname><command>&COMMANDNAME;</command></refname>
50
47
    <refpurpose>
51
 
      Run Mandos plugins, pass data from first to succeed.
 
48
      Run Mandos plugins.  Pass data from first succesful one.
52
49
    </refpurpose>
53
50
  </refnamediv>
54
 
  
 
51
 
55
52
  <refsynopsisdiv>
56
53
    <cmdsynopsis>
57
54
      <command>&COMMANDNAME;</command>
58
55
      <group rep="repeat">
59
56
        <arg choice="plain"><option>--global-env=<replaceable
60
 
        >ENV</replaceable><literal>=</literal><replaceable
 
57
        >VAR</replaceable><literal>=</literal><replaceable
61
58
        >value</replaceable></option></arg>
62
59
        <arg choice="plain"><option>-G
63
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
60
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
64
61
        >value</replaceable> </option></arg>
65
62
      </group>
66
63
      <sbr/>
143
140
    <title>DESCRIPTION</title>
144
141
    <para>
145
142
      <command>&COMMANDNAME;</command> is a program which is meant to
146
 
      be specified as a <quote>keyscript</quote> for the root disk in
147
 
      <citerefentry><refentrytitle>crypttab</refentrytitle>
148
 
      <manvolnum>5</manvolnum></citerefentry>.  The aim of this
149
 
      program is therefore to output a password, which then
150
 
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
 
143
      be specified as <quote>keyscript</quote> in <citerefentry>
 
144
      <refentrytitle>crypttab</refentrytitle>
 
145
      <manvolnum>5</manvolnum></citerefentry> for the root disk.  The
 
146
      aim of this program is therefore to output a password, which
 
147
      then <citerefentry><refentrytitle>cryptsetup</refentrytitle>
151
148
      <manvolnum>8</manvolnum></citerefentry> will use to unlock the
152
149
      root disk.
153
150
    </para>
173
170
    <variablelist>
174
171
      <varlistentry>
175
172
        <term><option>--global-env
176
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
173
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
177
174
        >value</replaceable></option></term>
178
175
        <term><option>-G
179
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
176
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
180
177
        >value</replaceable></option></term>
181
178
        <listitem>
182
179
          <para>
250
247
          </para>
251
248
        </listitem>
252
249
      </varlistentry>
253
 
      
 
250
 
254
251
      <varlistentry>
255
252
        <term><option>--disable
256
253
        <replaceable>PLUGIN</replaceable></option></term>
261
258
            Disable the plugin named
262
259
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
263
260
            started.
264
 
          </para>
 
261
          </para>       
265
262
        </listitem>
266
263
      </varlistentry>
267
 
      
 
264
 
268
265
      <varlistentry>
269
266
        <term><option>--enable
270
267
        <replaceable>PLUGIN</replaceable></option></term>
275
272
            Re-enable the plugin named
276
273
            <replaceable>PLUGIN</replaceable>.  This is only useful to
277
274
            undo a previous <option>--disable</option> option, maybe
278
 
            from the configuration file.
 
275
            from the config file.
279
276
          </para>
280
277
        </listitem>
281
278
      </varlistentry>
282
 
      
 
279
 
283
280
      <varlistentry>
284
281
        <term><option>--groupid
285
282
        <replaceable>ID</replaceable></option></term>
292
289
          </para>
293
290
        </listitem>
294
291
      </varlistentry>
295
 
      
 
292
 
296
293
      <varlistentry>
297
294
        <term><option>--userid
298
295
        <replaceable>ID</replaceable></option></term>
305
302
          </para>
306
303
        </listitem>
307
304
      </varlistentry>
308
 
      
 
305
 
309
306
      <varlistentry>
310
307
        <term><option>--plugin-dir
311
308
        <replaceable>DIRECTORY</replaceable></option></term>
368
365
          </para>
369
366
        </listitem>
370
367
      </varlistentry>
371
 
      
 
368
 
372
369
      <varlistentry>
373
370
        <term><option>--version</option></term>
374
371
        <term><option>-V</option></term>
380
377
      </varlistentry>
381
378
    </variablelist>
382
379
  </refsect1>
383
 
  
 
380
 
384
381
  <refsect1 id="overview">
385
382
    <title>OVERVIEW</title>
386
383
    <xi:include href="overview.xml"/>
406
403
      code will make this plugin-runner output the password from that
407
404
      plugin, stop any other plugins, and exit.
408
405
    </para>
409
 
    
 
406
 
410
407
    <refsect2 id="writing_plugins">
411
408
      <title>WRITING PLUGINS</title>
412
409
      <para>
419
416
        console.
420
417
      </para>
421
418
      <para>
422
 
        If the password is a single-line, manually entered passprase,
423
 
        a final trailing newline character should
424
 
        <emphasis>not</emphasis> be printed.
425
 
      </para>
426
 
      <para>
427
419
        The plugin will run in the initial RAM disk environment, so
428
420
        care must be taken not to depend on any files or running
429
421
        services not available there.
436
428
      </para>
437
429
      <para>
438
430
        The plugin must not use resources, like for instance reading
439
 
        from the standard input, without knowing that no other plugin
440
 
        is also using it.
 
431
        from the standard input, without knowing that no other plugins
 
432
        are also using it.
441
433
      </para>
442
434
      <para>
443
435
        It is useful, but not required, for the plugin to take the
475
467
      only passes on its environment to all the plugins.  The
476
468
      environment passed to plugins can be modified using the
477
469
      <option>--global-env</option> and <option>--env-for</option>
478
 
      options.
 
470
      optins.
479
471
    </para>
480
472
  </refsect1>
481
473
  
518
510
    </para>
519
511
  </refsect1>
520
512
  
521
 
  <refsect1 id="bugs">
522
 
    <title>BUGS</title>
523
 
    <para>
524
 
      The <option>--config-file</option> option is ignored when
525
 
      specified from within a configuration file.
526
 
    </para>
527
 
  </refsect1>
 
513
<!--   <refsect1 id="bugs"> -->
 
514
<!--     <title>BUGS</title> -->
 
515
<!--     <para> -->
 
516
<!--     </para> -->
 
517
<!--   </refsect1> -->
528
518
  
529
519
  <refsect1 id="examples">
530
520
    <title>EXAMPLE</title>
572
562
    </informalexample>
573
563
    <informalexample>
574
564
      <para>
575
 
        Run plugins from a different directory, read a different
576
 
        configuration file, and add two options to the
577
 
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
 
565
        Run plugins from a different directory and add a special
 
566
        option to the <citerefentry><refentrytitle
 
567
        >password-request</refentrytitle>
578
568
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
579
569
      </para>
580
570
      <para>
581
571
 
582
572
<!-- do not wrap this line -->
583
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
573
<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--keydir=keydir</userinput>
584
574
 
585
575
      </para>
586
576
    </informalexample>
594
584
      non-privileged.  This user and group is then what all plugins
595
585
      will be started as.  Therefore, the only way to run a plugin as
596
586
      a privileged user is to have the set-user-ID or set-group-ID bit
597
 
      set on the plugin executable file (see <citerefentry>
 
587
      set on the plugin executable files (see <citerefentry>
598
588
      <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
599
589
      </citerefentry>).
600
590
    </para>
601
591
    <para>
602
592
      If this program is used as a keyscript in <citerefentry
603
593
      ><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>
604
 
      </citerefentry>, there is a slight risk that if this program
605
 
      fails to work, there might be no way to boot the system except
606
 
      for booting from another media and editing the initial RAM disk
 
594
      </citerefentry>, there is a risk that if this program fails to
 
595
      work, there might be no way to boot the system except for
 
596
      booting from another media and editing the initial RAM disk
607
597
      image to not run this program.  This is, however, unlikely,
608
598
      since the <citerefentry><refentrytitle
609
599
      >password-prompt</refentrytitle><manvolnum>8mandos</manvolnum>
618
608
  <refsect1 id="see_also">
619
609
    <title>SEE ALSO</title>
620
610
    <para>
621
 
      <citerefentry><refentrytitle>intro</refentrytitle>
622
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
623
611
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
624
612
      <manvolnum>8</manvolnum></citerefentry>,
625
613
      <citerefentry><refentrytitle>crypttab</refentrytitle>
630
618
      <manvolnum>8</manvolnum></citerefentry>,
631
619
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
632
620
      <manvolnum>8mandos</manvolnum></citerefentry>,
633
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
621
      <citerefentry><refentrytitle>password-request</refentrytitle>
634
622
      <manvolnum>8mandos</manvolnum></citerefentry>
635
623
    </para>
636
624
  </refsect1>