/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
1
<?xml version="1.0" encoding="UTF-8"?>
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY COMMANDNAME "splashy">
923 by Teddy Hogeborn
Update copyright year to 2018
5
<!ENTITY TIMESTAMP "2018-02-08">
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
6
<!ENTITY % common SYSTEM "../common.ent">
7
%common;
8
]>
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
  <refentryinfo>
12
    <title>Mandos Manual</title>
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
    <productname>Mandos</productname>
15
    <productnumber>&version;</productnumber>
16
    <date>&TIMESTAMP;</date>
17
    <authorgroup>
18
      <author>
19
	<firstname>Björn</firstname>
20
	<surname>Påhlsson</surname>
21
	<address>
505.1.2 by Teddy Hogeborn
Change "fukt.bsnet.se" to "recompile.se" throughout.
22
	  <email>belorn@recompile.se</email>
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
23
	</address>
24
      </author>
25
      <author>
26
	<firstname>Teddy</firstname>
27
	<surname>Hogeborn</surname>
28
	<address>
505.1.2 by Teddy Hogeborn
Change "fukt.bsnet.se" to "recompile.se" throughout.
29
	  <email>teddy@recompile.se</email>
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
30
	</address>
31
      </author>
32
    </authorgroup>
33
    <copyright>
34
      <year>2008</year>
246 by Teddy Hogeborn
* README: Update copyright year; add "2009".
35
      <year>2009</year>
778 by Teddy Hogeborn
Update copyright year.
36
      <year>2010</year>
37
      <year>2011</year>
544 by Teddy Hogeborn
Updated year in copyright notices.
38
      <year>2012</year>
778 by Teddy Hogeborn
Update copyright year.
39
      <year>2013</year>
40
      <year>2014</year>
41
      <year>2015</year>
807 by Teddy Hogeborn
Update copyright year.
42
      <year>2016</year>
899 by Teddy Hogeborn
Update copyright year to 2017
43
      <year>2017</year>
923 by Teddy Hogeborn
Update copyright year to 2018
44
      <year>2018</year>
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
45
      <holder>Teddy Hogeborn</holder>
46
      <holder>Björn Påhlsson</holder>
47
    </copyright>
48
    <xi:include href="../legalnotice.xml"/>
49
  </refentryinfo>
50
  
51
  <refmeta>
52
    <refentrytitle>&COMMANDNAME;</refentrytitle>
53
    <manvolnum>8mandos</manvolnum>
54
  </refmeta>
55
  
56
  <refnamediv>
57
    <refname><command>&COMMANDNAME;</command></refname>
58
    <refpurpose>Mandos plugin to use splashy to get a
59
    password.</refpurpose>
60
  </refnamediv>
61
  
62
  <refsynopsisdiv>
63
    <cmdsynopsis>
64
      <command>&COMMANDNAME;</command>
65
    </cmdsynopsis>
66
  </refsynopsisdiv>
67
  
68
  <refsect1 id="description">
69
    <title>DESCRIPTION</title>
70
    <para>
71
      This program prompts for a password using <citerefentry>
72
      <refentrytitle>splashy_update</refentrytitle>
73
      <manvolnum>8</manvolnum></citerefentry> and outputs any given
74
      password to standard output.  If no <citerefentry><refentrytitle
75
      >splashy</refentrytitle><manvolnum>8</manvolnum></citerefentry>
76
      process can be found, this program will immediately exit with an
77
      exit code indicating failure.
78
    </para>
79
    <para>
80
      This program is not very useful on its own.  This program is
81
      really meant to run as a plugin in the <application
82
      >Mandos</application> client-side system, where it is used as a
83
      fallback and alternative to retrieving passwords from a
84
      <application >Mandos</application> server.
85
    </para>
86
    <para>
87
      If this program is killed (presumably by
88
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
89
      <manvolnum>8mandos</manvolnum></citerefentry> because some other
90
      plugin provided the password), it cannot tell <citerefentry>
91
      <refentrytitle>splashy</refentrytitle><manvolnum>8</manvolnum>
92
      </citerefentry> to abort requesting a password, because
93
      <citerefentry><refentrytitle>splashy</refentrytitle>
94
      <manvolnum>8</manvolnum></citerefentry> does not support this.
95
      Therefore, this program will then <emphasis>kill</emphasis> the
96
      running <citerefentry><refentrytitle>splashy</refentrytitle>
97
      <manvolnum>8</manvolnum></citerefentry> process and start a
98
      <emphasis>new</emphasis> one, using <quote><literal
99
      >boot</literal></quote> as the only argument.
100
    </para>
101
  </refsect1>
102
  
103
  <refsect1 id="options">
104
    <title>OPTIONS</title>
105
    <para>
106
      This program takes no options.
107
    </para>
108
  </refsect1>
109
  
110
  <refsect1 id="exit_status">
111
    <title>EXIT STATUS</title>
112
    <para>
113
      If exit status is 0, the output from the program is the password
114
      as it was read.  Otherwise, if exit status is other than 0, the
115
      program was interrupted or encountered an error, and any output
116
      so far could be corrupt and/or truncated, and should therefore
117
      be ignored.
118
    </para>
119
  </refsect1>
120
  
121
  <refsect1 id="environment">
122
    <title>ENVIRONMENT</title>
123
    <variablelist>
124
      <varlistentry>
125
	<term><envar>cryptsource</envar></term>
126
	<term><envar>crypttarget</envar></term>
127
	<listitem>
128
	  <para>
129
	    If set, these environment variables will be assumed to
130
	    contain the source device name and the target device
131
	    mapper name, respectively, and will be shown as part of
132
	    the prompt.
133
	</para>
134
	<para>
135
	  These variables will normally be inherited from
136
	  <citerefentry><refentrytitle>plugin-runner</refentrytitle>
137
	  <manvolnum>8mandos</manvolnum></citerefentry>, which will
138
	  normally have inherited them from
139
	  <filename>/scripts/local-top/cryptroot</filename> in the
140
	  initial <acronym>RAM</acronym> disk environment, which will
141
	  have set them from parsing kernel arguments and
142
	  <filename>/conf/conf.d/cryptroot</filename> (also in the
143
	  initial RAM disk environment), which in turn will have been
144
	  created when the initial RAM disk image was created by
145
	  <filename
146
	  >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
147
	  extracting the information of the root file system from
148
	  <filename >/etc/crypttab</filename>.
149
	</para>
150
	<para>
151
	  This behavior is meant to exactly mirror the behavior of
152
	  <command>askpass</command>, the default password prompter.
153
	</para>
154
	</listitem>
155
      </varlistentry>
156
    </variablelist>
157
  </refsect1>
158
  
159
  <refsect1 id="files">
160
    <title>FILES</title>
161
    <variablelist>
162
      <varlistentry>
163
	<term><filename>/sbin/splashy_update</filename></term>
164
	<listitem>
165
	  <para>
166
	    This is the command run to retrieve a password from
167
	    <citerefentry><refentrytitle>splashy</refentrytitle>
168
	    <manvolnum>8</manvolnum></citerefentry>.  See
169
	    <citerefentry><refentrytitle
170
	    >splashy_update</refentrytitle><manvolnum>8</manvolnum>
171
	    </citerefentry>.
172
	  </para>
173
	</listitem>
174
      </varlistentry>
175
      <varlistentry>
176
	<term><filename>/proc</filename></term>
177
	<listitem>
178
	  <para>
179
	    To find the running <citerefentry><refentrytitle
180
	    >splashy</refentrytitle><manvolnum>8</manvolnum>
181
	    </citerefentry>, this directory will be searched for
182
	    numeric entries which will be assumed to be directories.
183
	    In all those directories, the <filename>exe</filename>
184
	    entry will be used to determine the name of the running
185
	    binary and the effective user and group
186
	    <abbrev>ID</abbrev> of the process.  See <citerefentry>
187
	    <refentrytitle>proc</refentrytitle><manvolnum
188
	    >5</manvolnum></citerefentry>.
189
	  </para>
190
	</listitem>
191
      </varlistentry>
192
      <varlistentry>
193
	<term><filename>/sbin/splashy</filename></term>
194
	<listitem>
195
	  <para>
196
	    This is the name of the binary which will be searched for
197
	    in the process list.  See <citerefentry><refentrytitle
198
	    >splashy</refentrytitle><manvolnum>8</manvolnum>
199
	  </citerefentry>.
200
	  </para>
201
	</listitem>
202
      </varlistentry>
203
    </variablelist>
204
  </refsect1>
205
  
206
  <refsect1 id="bugs">
207
    <title>BUGS</title>
208
    <para>
209
      Killing <citerefentry><refentrytitle>splashy</refentrytitle>
210
      <manvolnum>8</manvolnum></citerefentry> and starting a new one
211
      is ugly, but necessary as long as it does not support aborting a
212
      password request.
213
    </para>
821 by Teddy Hogeborn
Add bug reporting information to manual pages
214
    <xi:include href="../bugs.xml"/>
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
215
  </refsect1>
216
  
217
  <refsect1 id="example">
218
    <title>EXAMPLE</title>
219
    <para>
220
      Note that normally, this program will not be invoked directly,
221
      but instead started by the Mandos <citerefentry><refentrytitle
222
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
223
      </citerefentry>.
224
    </para>
225
    <informalexample>
226
      <para>
227
	This program takes no options.
228
      </para>
229
      <para>
230
	<userinput>&COMMANDNAME;</userinput>
231
      </para>
232
    </informalexample>
233
  </refsect1>
234
  
235
  <refsect1 id="security">
236
    <title>SECURITY</title>
237
    <para>
238
      If this program is killed by a signal, it will kill the process
239
      <abbrev>ID</abbrev> which at the start of this program was
240
      determined to run <citerefentry><refentrytitle
241
      >splashy</refentrytitle><manvolnum>8</manvolnum></citerefentry>
242
      as root (see also <xref linkend="files"/>).  There is a very
243
      slight risk that, in the time between those events, that process
244
      <abbrev>ID</abbrev> was freed and then taken up by another
245
      process; the wrong process would then be killed.  Now, this
246
      program can only be killed by the user who started it; see
247
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
248
      <manvolnum>8mandos</manvolnum></citerefentry>.  This program
249
      should therefore be started by a completely separate
250
      non-privileged user, and no other programs should be allowed to
251
      run as that special user.  This means that it is not recommended
252
      to use the user "nobody" to start this program, as other
253
      possibly less trusted programs could be running as "nobody", and
254
      they would then be able to kill this program, triggering the
255
      killing of the process <abbrev>ID</abbrev> which may or may not
256
      be <citerefentry><refentrytitle>splashy</refentrytitle>
257
      <manvolnum>8</manvolnum></citerefentry>.
258
    </para>
259
    <para>
260
      The only other thing that could be considered worthy of note is
261
      this:  This program is meant to be run by <citerefentry>
262
      <refentrytitle>plugin-runner</refentrytitle><manvolnum
263
      >8mandos</manvolnum></citerefentry>, and will, when run
264
      standalone, outside, in a normal environment, immediately output
265
      on its standard output any presumably secret password it just
266
      received.  Therefore, when running this program standalone
267
      (which should never normally be done), take care not to type in
268
      any real secret password by force of habit, since it would then
269
      immediately be shown as output.
270
    </para>
271
  </refsect1>
272
  
273
  <refsect1 id="see_also">
274
    <title>SEE ALSO</title>
275
    <para>
493 by Teddy Hogeborn
* Makefile (DOCS): Added "intro.8mandos".
276
      <citerefentry><refentrytitle>intro</refentrytitle>
277
      <manvolnum>8mandos</manvolnum></citerefentry>,
225 by Teddy Hogeborn
* Makefile (DOCS): Added "plugins.d/usplash.8mandos" and
278
      <citerefentry><refentrytitle>crypttab</refentrytitle>
279
      <manvolnum>5</manvolnum></citerefentry>,
280
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
281
      <manvolnum>8mandos</manvolnum></citerefentry>,
282
      <citerefentry><refentrytitle>proc</refentrytitle>
283
      <manvolnum>5</manvolnum></citerefentry>,
284
      <citerefentry><refentrytitle>splashy</refentrytitle>
285
      <manvolnum>8</manvolnum></citerefentry>,
286
      <citerefentry><refentrytitle>splashy_update</refentrytitle>
287
      <manvolnum>8</manvolnum></citerefentry>
288
    </para>
289
  </refsect1>
290
</refentry>
291
<!-- Local Variables: -->
292
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
293
<!-- time-stamp-end: "[\"']>" -->
294
<!-- time-stamp-format: "%:y-%02m-%02d" -->
295
<!-- End: -->