/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-10-24 17:37:16 UTC
  • mfrom: (237.7.338 trunk)
  • Revision ID: teddy@recompile.se-20151024173716-cmst924xz22yq58z
Merge from trunk.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "plugin-runner">
6
 
<!ENTITY TIMESTAMP "2008-09-04">
 
5
<!ENTITY TIMESTAMP "2015-07-20">
 
6
<!ENTITY % common SYSTEM "common.ent">
 
7
%common;
7
8
]>
8
9
 
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
    <title>Mandos Manual</title>
12
13
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
13
14
    <productname>Mandos</productname>
14
 
    <productnumber>&VERSION;</productnumber>
 
15
    <productnumber>&version;</productnumber>
15
16
    <date>&TIMESTAMP;</date>
16
17
    <authorgroup>
17
18
      <author>
18
19
        <firstname>Björn</firstname>
19
20
        <surname>Påhlsson</surname>
20
21
        <address>
21
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
22
23
        </address>
23
24
      </author>
24
25
      <author>
25
26
        <firstname>Teddy</firstname>
26
27
        <surname>Hogeborn</surname>
27
28
        <address>
28
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
29
30
        </address>
30
31
      </author>
31
32
    </authorgroup>
32
33
    <copyright>
33
34
      <year>2008</year>
 
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
34
42
      <holder>Teddy Hogeborn</holder>
35
43
      <holder>Björn Påhlsson</holder>
36
44
    </copyright>
37
45
    <xi:include href="legalnotice.xml"/>
38
46
  </refentryinfo>
39
 
 
 
47
  
40
48
  <refmeta>
41
49
    <refentrytitle>&COMMANDNAME;</refentrytitle>
42
50
    <manvolnum>8mandos</manvolnum>
48
56
      Run Mandos plugins, pass data from first to succeed.
49
57
    </refpurpose>
50
58
  </refnamediv>
51
 
 
 
59
  
52
60
  <refsynopsisdiv>
53
61
    <cmdsynopsis>
54
62
      <command>&COMMANDNAME;</command>
55
63
      <group rep="repeat">
56
64
        <arg choice="plain"><option>--global-env=<replaceable
57
 
        >VAR</replaceable><literal>=</literal><replaceable
 
65
        >ENV</replaceable><literal>=</literal><replaceable
58
66
        >value</replaceable></option></arg>
59
67
        <arg choice="plain"><option>-G
60
 
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
 
68
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
61
69
        >value</replaceable> </option></arg>
62
70
      </group>
63
71
      <sbr/>
111
119
      <arg><option>--plugin-dir=<replaceable
112
120
      >DIRECTORY</replaceable></option></arg>
113
121
      <sbr/>
 
122
      <arg><option>--plugin-helper-dir=<replaceable
 
123
      >DIRECTORY</replaceable></option></arg>
 
124
      <sbr/>
114
125
      <arg><option>--config-file=<replaceable
115
126
      >FILE</replaceable></option></arg>
116
127
      <sbr/>
170
181
    <variablelist>
171
182
      <varlistentry>
172
183
        <term><option>--global-env
173
 
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
 
184
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
174
185
        >value</replaceable></option></term>
175
186
        <term><option>-G
176
 
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
 
187
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
177
188
        >value</replaceable></option></term>
178
189
        <listitem>
179
190
          <para>
247
258
          </para>
248
259
        </listitem>
249
260
      </varlistentry>
250
 
 
 
261
      
251
262
      <varlistentry>
252
263
        <term><option>--disable
253
264
        <replaceable>PLUGIN</replaceable></option></term>
258
269
            Disable the plugin named
259
270
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
260
271
            started.
261
 
          </para>       
 
272
          </para>
262
273
        </listitem>
263
274
      </varlistentry>
264
 
 
 
275
      
265
276
      <varlistentry>
266
277
        <term><option>--enable
267
278
        <replaceable>PLUGIN</replaceable></option></term>
276
287
          </para>
277
288
        </listitem>
278
289
      </varlistentry>
279
 
 
 
290
      
280
291
      <varlistentry>
281
292
        <term><option>--groupid
282
293
        <replaceable>ID</replaceable></option></term>
289
300
          </para>
290
301
        </listitem>
291
302
      </varlistentry>
292
 
 
 
303
      
293
304
      <varlistentry>
294
305
        <term><option>--userid
295
306
        <replaceable>ID</replaceable></option></term>
302
313
          </para>
303
314
        </listitem>
304
315
      </varlistentry>
305
 
 
 
316
      
306
317
      <varlistentry>
307
318
        <term><option>--plugin-dir
308
319
        <replaceable>DIRECTORY</replaceable></option></term>
317
328
      </varlistentry>
318
329
      
319
330
      <varlistentry>
 
331
        <term><option>--plugin-helper-dir
 
332
        <replaceable>DIRECTORY</replaceable></option></term>
 
333
        <listitem>
 
334
          <para>
 
335
            Specify a different plugin helper directory.  The default
 
336
            is <filename>/lib/mandos/plugin-helpers</filename>, which
 
337
            will exist in the initial <acronym>RAM</acronym> disk
 
338
            environment.  (This will simply be passed to all plugins
 
339
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
 
340
            variable.  See <xref linkend="writing_plugins"/>)
 
341
          </para>
 
342
        </listitem>
 
343
      </varlistentry>
 
344
      
 
345
      <varlistentry>
320
346
        <term><option>--config-file
321
347
        <replaceable>FILE</replaceable></option></term>
322
348
        <listitem>
365
391
          </para>
366
392
        </listitem>
367
393
      </varlistentry>
368
 
 
 
394
      
369
395
      <varlistentry>
370
396
        <term><option>--version</option></term>
371
397
        <term><option>-V</option></term>
377
403
      </varlistentry>
378
404
    </variablelist>
379
405
  </refsect1>
380
 
 
 
406
  
381
407
  <refsect1 id="overview">
382
408
    <title>OVERVIEW</title>
383
409
    <xi:include href="overview.xml"/>
403
429
      code will make this plugin-runner output the password from that
404
430
      plugin, stop any other plugins, and exit.
405
431
    </para>
406
 
 
 
432
    
407
433
    <refsect2 id="writing_plugins">
408
434
      <title>WRITING PLUGINS</title>
409
435
      <para>
416
442
        console.
417
443
      </para>
418
444
      <para>
 
445
        If the password is a single-line, manually entered passprase,
 
446
        a final trailing newline character should
 
447
        <emphasis>not</emphasis> be printed.
 
448
      </para>
 
449
      <para>
419
450
        The plugin will run in the initial RAM disk environment, so
420
451
        care must be taken not to depend on any files or running
421
 
        services not available there.
 
452
        services not available there.  Any helper executables required
 
453
        by the plugin (which are not in the <envar>PATH</envar>) can
 
454
        be placed in the plugin helper directory, the name of which
 
455
        will be made available to the plugin via the
 
456
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
422
457
      </para>
423
458
      <para>
424
459
        The plugin must exit cleanly and free all allocated resources
467
502
      only passes on its environment to all the plugins.  The
468
503
      environment passed to plugins can be modified using the
469
504
      <option>--global-env</option> and <option>--env-for</option>
470
 
      options.
 
505
      options.  Also, the <option>--plugin-helper-dir</option> option
 
506
      will affect the environment variable
 
507
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
471
508
    </para>
472
509
  </refsect1>
473
510
  
564
601
    </informalexample>
565
602
    <informalexample>
566
603
      <para>
567
 
        Run plugins from a different directory and add two
568
 
        options to the <citerefentry><refentrytitle
569
 
        >password-request</refentrytitle>
 
604
        Read a different configuration file, run plugins from a
 
605
        different directory, specify an alternate plugin helper
 
606
        directory and add two options to the
 
607
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
570
608
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
571
609
      </para>
572
610
      <para>
573
611
 
574
612
<!-- do not wrap this line -->
575
 
<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>
 
613
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
576
614
 
577
615
      </para>
578
616
    </informalexample>
586
624
      non-privileged.  This user and group is then what all plugins
587
625
      will be started as.  Therefore, the only way to run a plugin as
588
626
      a privileged user is to have the set-user-ID or set-group-ID bit
589
 
      set on the plugin executable files (see <citerefentry>
 
627
      set on the plugin executable file (see <citerefentry>
590
628
      <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
591
629
      </citerefentry>).
592
630
    </para>
610
648
  <refsect1 id="see_also">
611
649
    <title>SEE ALSO</title>
612
650
    <para>
 
651
      <citerefentry><refentrytitle>intro</refentrytitle>
 
652
      <manvolnum>8mandos</manvolnum></citerefentry>,
613
653
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
614
654
      <manvolnum>8</manvolnum></citerefentry>,
615
655
      <citerefentry><refentrytitle>crypttab</refentrytitle>
620
660
      <manvolnum>8</manvolnum></citerefentry>,
621
661
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
622
662
      <manvolnum>8mandos</manvolnum></citerefentry>,
623
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
663
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
624
664
      <manvolnum>8mandos</manvolnum></citerefentry>
625
665
    </para>
626
666
  </refsect1>