/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Björn Påhlsson
  • Date: 2008-09-04 19:59:05 UTC
  • mto: (237.7.1 mandos) (24.1.154 mandos)
  • mto: This revision was merged to the branch mainline in revision 164.
  • Revision ID: belorn@braxen-20080904195905-a3qfv1np32auumwm
fixed two bugs:
      A overbuffer flow in enviro variables causing seg fault
      A incorrect use of strsep causing seg fault

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2016-03-05">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-04">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
    <title>Mandos Manual</title>
13
12
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
19
18
        <firstname>Björn</firstname>
20
19
        <surname>Påhlsson</surname>
21
20
        <address>
22
 
          <email>belorn@recompile.se</email>
 
21
          <email>belorn@fukt.bsnet.se</email>
23
22
        </address>
24
23
      </author>
25
24
      <author>
26
25
        <firstname>Teddy</firstname>
27
26
        <surname>Hogeborn</surname>
28
27
        <address>
29
 
          <email>teddy@recompile.se</email>
 
28
          <email>teddy@fukt.bsnet.se</email>
30
29
        </address>
31
30
      </author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
34
      <holder>Teddy Hogeborn</holder>
44
35
      <holder>Björn Påhlsson</holder>
45
36
    </copyright>
46
37
    <xi:include href="legalnotice.xml"/>
47
38
  </refentryinfo>
48
 
  
 
39
 
49
40
  <refmeta>
50
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
51
42
    <manvolnum>8mandos</manvolnum>
57
48
      Run Mandos plugins, pass data from first to succeed.
58
49
    </refpurpose>
59
50
  </refnamediv>
60
 
  
 
51
 
61
52
  <refsynopsisdiv>
62
53
    <cmdsynopsis>
63
54
      <command>&COMMANDNAME;</command>
64
55
      <group rep="repeat">
65
56
        <arg choice="plain"><option>--global-env=<replaceable
66
 
        >ENV</replaceable><literal>=</literal><replaceable
 
57
        >VAR</replaceable><literal>=</literal><replaceable
67
58
        >value</replaceable></option></arg>
68
59
        <arg choice="plain"><option>-G
69
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
60
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
70
61
        >value</replaceable> </option></arg>
71
62
      </group>
72
63
      <sbr/>
120
111
      <arg><option>--plugin-dir=<replaceable
121
112
      >DIRECTORY</replaceable></option></arg>
122
113
      <sbr/>
123
 
      <arg><option>--plugin-helper-dir=<replaceable
124
 
      >DIRECTORY</replaceable></option></arg>
125
 
      <sbr/>
126
114
      <arg><option>--config-file=<replaceable
127
115
      >FILE</replaceable></option></arg>
128
116
      <sbr/>
182
170
    <variablelist>
183
171
      <varlistentry>
184
172
        <term><option>--global-env
185
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
173
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
186
174
        >value</replaceable></option></term>
187
175
        <term><option>-G
188
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
176
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
189
177
        >value</replaceable></option></term>
190
178
        <listitem>
191
179
          <para>
259
247
          </para>
260
248
        </listitem>
261
249
      </varlistentry>
262
 
      
 
250
 
263
251
      <varlistentry>
264
252
        <term><option>--disable
265
253
        <replaceable>PLUGIN</replaceable></option></term>
270
258
            Disable the plugin named
271
259
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
272
260
            started.
273
 
          </para>
 
261
          </para>       
274
262
        </listitem>
275
263
      </varlistentry>
276
 
      
 
264
 
277
265
      <varlistentry>
278
266
        <term><option>--enable
279
267
        <replaceable>PLUGIN</replaceable></option></term>
288
276
          </para>
289
277
        </listitem>
290
278
      </varlistentry>
291
 
      
 
279
 
292
280
      <varlistentry>
293
281
        <term><option>--groupid
294
282
        <replaceable>ID</replaceable></option></term>
301
289
          </para>
302
290
        </listitem>
303
291
      </varlistentry>
304
 
      
 
292
 
305
293
      <varlistentry>
306
294
        <term><option>--userid
307
295
        <replaceable>ID</replaceable></option></term>
314
302
          </para>
315
303
        </listitem>
316
304
      </varlistentry>
317
 
      
 
305
 
318
306
      <varlistentry>
319
307
        <term><option>--plugin-dir
320
308
        <replaceable>DIRECTORY</replaceable></option></term>
329
317
      </varlistentry>
330
318
      
331
319
      <varlistentry>
332
 
        <term><option>--plugin-helper-dir
333
 
        <replaceable>DIRECTORY</replaceable></option></term>
334
 
        <listitem>
335
 
          <para>
336
 
            Specify a different plugin helper directory.  The default
337
 
            is <filename>/lib/mandos/plugin-helpers</filename>, which
338
 
            will exist in the initial <acronym>RAM</acronym> disk
339
 
            environment.  (This will simply be passed to all plugins
340
 
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
341
 
            variable.  See <xref linkend="writing_plugins"/>)
342
 
          </para>
343
 
        </listitem>
344
 
      </varlistentry>
345
 
      
346
 
      <varlistentry>
347
320
        <term><option>--config-file
348
321
        <replaceable>FILE</replaceable></option></term>
349
322
        <listitem>
392
365
          </para>
393
366
        </listitem>
394
367
      </varlistentry>
395
 
      
 
368
 
396
369
      <varlistentry>
397
370
        <term><option>--version</option></term>
398
371
        <term><option>-V</option></term>
404
377
      </varlistentry>
405
378
    </variablelist>
406
379
  </refsect1>
407
 
  
 
380
 
408
381
  <refsect1 id="overview">
409
382
    <title>OVERVIEW</title>
410
383
    <xi:include href="overview.xml"/>
430
403
      code will make this plugin-runner output the password from that
431
404
      plugin, stop any other plugins, and exit.
432
405
    </para>
433
 
    
 
406
 
434
407
    <refsect2 id="writing_plugins">
435
408
      <title>WRITING PLUGINS</title>
436
409
      <para>
443
416
        console.
444
417
      </para>
445
418
      <para>
446
 
        If the password is a single-line, manually entered passprase,
447
 
        a final trailing newline character should
448
 
        <emphasis>not</emphasis> be printed.
449
 
      </para>
450
 
      <para>
451
419
        The plugin will run in the initial RAM disk environment, so
452
420
        care must be taken not to depend on any files or running
453
 
        services not available there.  Any helper executables required
454
 
        by the plugin (which are not in the <envar>PATH</envar>) can
455
 
        be placed in the plugin helper directory, the name of which
456
 
        will be made available to the plugin via the
457
 
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
 
421
        services not available there.
458
422
      </para>
459
423
      <para>
460
424
        The plugin must exit cleanly and free all allocated resources
503
467
      only passes on its environment to all the plugins.  The
504
468
      environment passed to plugins can be modified using the
505
469
      <option>--global-env</option> and <option>--env-for</option>
506
 
      options.  Also, the <option>--plugin-helper-dir</option> option
507
 
      will affect the environment variable
508
 
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
 
470
      options.
509
471
    </para>
510
472
  </refsect1>
511
473
  
548
510
    </para>
549
511
  </refsect1>
550
512
  
551
 
  <refsect1 id="bugs">
552
 
    <title>BUGS</title>
553
 
    <para>
554
 
      The <option>--config-file</option> option is ignored when
555
 
      specified from within a configuration file.
556
 
    </para>
557
 
    <xi:include href="bugs.xml"/>
558
 
  </refsect1>
 
513
<!--   <refsect1 id="bugs"> -->
 
514
<!--     <title>BUGS</title> -->
 
515
<!--     <para> -->
 
516
<!--     </para> -->
 
517
<!--   </refsect1> -->
559
518
  
560
519
  <refsect1 id="examples">
561
520
    <title>EXAMPLE</title>
603
562
    </informalexample>
604
563
    <informalexample>
605
564
      <para>
606
 
        Read a different configuration file, run plugins from a
607
 
        different directory, specify an alternate plugin helper
608
 
        directory and add two options to the
609
 
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
 
565
        Run plugins from a different directory and add two
 
566
        options to the <citerefentry><refentrytitle
 
567
        >password-request</refentrytitle>
610
568
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
611
569
      </para>
612
570
      <para>
613
571
 
614
572
<!-- do not wrap this line -->
615
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
573
<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>
616
574
 
617
575
      </para>
618
576
    </informalexample>
626
584
      non-privileged.  This user and group is then what all plugins
627
585
      will be started as.  Therefore, the only way to run a plugin as
628
586
      a privileged user is to have the set-user-ID or set-group-ID bit
629
 
      set on the plugin executable file (see <citerefentry>
 
587
      set on the plugin executable files (see <citerefentry>
630
588
      <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
631
589
      </citerefentry>).
632
590
    </para>
650
608
  <refsect1 id="see_also">
651
609
    <title>SEE ALSO</title>
652
610
    <para>
653
 
      <citerefentry><refentrytitle>intro</refentrytitle>
654
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
655
611
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
656
612
      <manvolnum>8</manvolnum></citerefentry>,
657
613
      <citerefentry><refentrytitle>crypttab</refentrytitle>
662
618
      <manvolnum>8</manvolnum></citerefentry>,
663
619
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
664
620
      <manvolnum>8mandos</manvolnum></citerefentry>,
665
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
621
      <citerefentry><refentrytitle>password-request</refentrytitle>
666
622
      <manvolnum>8mandos</manvolnum></citerefentry>
667
623
    </para>
668
624
  </refsect1>