=== modified file 'Makefile'
--- Makefile 2008-10-03 09:32:30 +0000
+++ Makefile 2008-10-04 03:11:39 +0000
@@ -78,6 +78,7 @@
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
plugins.d/mandos-client.8mandos \
plugins.d/password-prompt.8mandos mandos.conf.5 \
+ plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
mandos-clients.conf.5
htmldocs=$(addsuffix .xhtml,$(DOCS))
@@ -268,6 +269,10 @@
> $(MANDIR)/man8/password-prompt.8mandos.gz
gzip --best --to-stdout plugins.d/mandos-client.8mandos \
> $(MANDIR)/man8/mandos-client.8mandos.gz
+ gzip --best --to-stdout plugins.d/usplash.8mandos \
+ > $(MANDIR)/man8/usplash.8mandos.gz
+ gzip --best --to-stdout plugins.d/splashy.8mandos \
+ > $(MANDIR)/man8/splashy.8mandos.gz
install-client: install-client-nokey
# Post-installation stuff
@@ -302,6 +307,8 @@
$(MANDIR)/man8/plugin-runner.8mandos.gz \
$(MANDIR)/man8/mandos-keygen.8.gz \
$(MANDIR)/man8/password-prompt.8mandos.gz \
+ $(MANDIR)/man8/usplash.8mandos.gz \
+ $(MANDIR)/man8/splashy.8mandos.gz \
$(MANDIR)/man8/mandos-client.8mandos.gz
-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
=== added file 'plugins.d/splashy.xml'
--- plugins.d/splashy.xml 1970-01-01 00:00:00 +0000
+++ plugins.d/splashy.xml 2008-10-04 03:11:39 +0000
@@ -0,0 +1,282 @@
+
+
+
+
+%common;
+]>
+
+
+
+ Mandos Manual
+
+ Mandos
+ &version;
+ &TIMESTAMP;
+
+
+ Björn
+ Påhlsson
+
+ belorn@fukt.bsnet.se
+
+
+
+ Teddy
+ Hogeborn
+
+ teddy@fukt.bsnet.se
+
+
+
+
+ 2008
+ Teddy Hogeborn
+ Björn Påhlsson
+
+
+
+
+
+ &COMMANDNAME;
+ 8mandos
+
+
+
+ &COMMANDNAME;
+ Mandos plugin to use splashy to get a
+ password.
+
+
+
+
+ &COMMANDNAME;
+
+
+
+
+ DESCRIPTION
+
+ This program prompts for a password using
+ splashy_update
+ 8 and outputs any given
+ password to standard output. If no splashy8
+ process can be found, this program will immediately exit with an
+ exit code indicating failure.
+
+
+ This program is not very useful on its own. This program is
+ really meant to run as a plugin in the Mandos client-side system, where it is used as a
+ fallback and alternative to retrieving passwords from a
+ Mandos server.
+
+
+ If this program is killed (presumably by
+ plugin-runner
+ 8mandos because some other
+ plugin provided the password), it cannot tell
+ splashy8
+ to abort requesting a password, because
+ splashy
+ 8 does not support this.
+ Therefore, this program will then kill the
+ running splashy
+ 8 process and start a
+ new one, using boot
as the only argument.
+
+
+
+
+ OPTIONS
+
+ This program takes no options.
+
+
+
+
+ EXIT STATUS
+
+ If exit status is 0, the output from the program is the password
+ as it was read. Otherwise, if exit status is other than 0, the
+ program was interrupted or encountered an error, and any output
+ so far could be corrupt and/or truncated, and should therefore
+ be ignored.
+
+
+
+
+ ENVIRONMENT
+
+
+ cryptsource
+ crypttarget
+
+
+ If set, these environment variables will be assumed to
+ contain the source device name and the target device
+ mapper name, respectively, and will be shown as part of
+ the prompt.
+
+
+ These variables will normally be inherited from
+ plugin-runner
+ 8mandos, which will
+ normally have inherited them from
+ /scripts/local-top/cryptroot in the
+ initial RAM disk environment, which will
+ have set them from parsing kernel arguments and
+ /conf/conf.d/cryptroot (also in the
+ initial RAM disk environment), which in turn will have been
+ created when the initial RAM disk image was created by
+ /usr/share/initramfs-tools/hooks/cryptroot, by
+ extracting the information of the root file system from
+ /etc/crypttab.
+
+
+ This behavior is meant to exactly mirror the behavior of
+ askpass, the default password prompter.
+
+
+
+
+
+
+
+ FILES
+
+
+ /sbin/splashy_update
+
+
+ This is the command run to retrieve a password from
+ splashy
+ 8. See
+ splashy_update8
+ .
+
+
+
+
+ /proc
+
+
+ To find the running splashy8
+ , this directory will be searched for
+ numeric entries which will be assumed to be directories.
+ In all those directories, the exe
+ entry will be used to determine the name of the running
+ binary and the effective user and group
+ ID of the process. See
+ proc5.
+
+
+
+
+ /sbin/splashy
+
+
+ This is the name of the binary which will be searched for
+ in the process list. See splashy8
+ .
+
+
+
+
+
+
+
+ BUGS
+
+ Killing splashy
+ 8 and starting a new one
+ is ugly, but necessary as long as it does not support aborting a
+ password request.
+
+
+
+
+ EXAMPLE
+
+ Note that normally, this program will not be invoked directly,
+ but instead started by the Mandos plugin-runner8mandos
+ .
+
+
+
+ This program takes no options.
+
+
+ &COMMANDNAME;
+
+
+
+
+
+ SECURITY
+
+ If this program is killed by a signal, it will kill the process
+ ID which at the start of this program was
+ determined to run splashy8
+ as root (see also ). There is a very
+ slight risk that, in the time between those events, that process
+ ID was freed and then taken up by another
+ process; the wrong process would then be killed. Now, this
+ program can only be killed by the user who started it; see
+ plugin-runner
+ 8mandos. This program
+ should therefore be started by a completely separate
+ non-privileged user, and no other programs should be allowed to
+ run as that special user. This means that it is not recommended
+ to use the user "nobody" to start this program, as other
+ possibly less trusted programs could be running as "nobody", and
+ they would then be able to kill this program, triggering the
+ killing of the process ID which may or may not
+ be splashy
+ 8.
+
+
+ The only other thing that could be considered worthy of note is
+ this: This program is meant to be run by
+ plugin-runner8mandos, and will, when run
+ standalone, outside, in a normal environment, immediately output
+ on its standard output any presumably secret password it just
+ received. Therefore, when running this program standalone
+ (which should never normally be done), take care not to type in
+ any real secret password by force of habit, since it would then
+ immediately be shown as output.
+
+
+
+
+ SEE ALSO
+
+ crypttab
+ 5,
+ plugin-runner
+ 8mandos,
+ proc
+ 5,
+ splashy
+ 8,
+ splashy_update
+ 8
+
+
+
+
+
+
+
+
=== added file 'plugins.d/usplash.xml'
--- plugins.d/usplash.xml 1970-01-01 00:00:00 +0000
+++ plugins.d/usplash.xml 2008-10-04 03:11:39 +0000
@@ -0,0 +1,296 @@
+
+
+
+
+%common;
+]>
+
+
+
+ Mandos Manual
+
+ Mandos
+ &version;
+ &TIMESTAMP;
+
+
+ Björn
+ Påhlsson
+
+ belorn@fukt.bsnet.se
+
+
+
+ Teddy
+ Hogeborn
+
+ teddy@fukt.bsnet.se
+
+
+
+
+ 2008
+ Teddy Hogeborn
+ Björn Påhlsson
+
+
+
+
+
+ &COMMANDNAME;
+ 8mandos
+
+
+
+ &COMMANDNAME;
+ Mandos plugin to use usplash to get a
+ password.
+
+
+
+
+ &COMMANDNAME;
+
+
+
+
+ DESCRIPTION
+
+ This program prompts for a password using
+ usplash8
+ and outputs any given password to standard
+ output. If no usplash8
+ process can be found, this program will immediately exit with an
+ exit code indicating failure.
+
+
+ This program is not very useful on its own. This program is
+ really meant to run as a plugin in the Mandos client-side system, where it is used as a
+ fallback and alternative to retrieving passwords from a
+ Mandos server.
+
+
+ If this program is killed (presumably by
+ plugin-runner
+ 8mandos because some other
+ plugin provided the password), it cannot tell
+ usplash8
+ to abort requesting a password, because
+ usplash
+ 8 does not support this.
+ Therefore, this program will then kill the
+ running usplash
+ 8 process and start a
+ new one using the same command line
+ arguments as the old one was using.
+
+
+
+
+ OPTIONS
+
+ This program takes no options.
+
+
+
+
+ EXIT STATUS
+
+ If exit status is 0, the output from the program is the password
+ as it was read. Otherwise, if exit status is other than 0, the
+ program was interrupted or encountered an error, and any output
+ so far could be corrupt and/or truncated, and should therefore
+ be ignored.
+
+
+
+
+ ENVIRONMENT
+
+
+ cryptsource
+ crypttarget
+
+
+ If set, these environment variables will be assumed to
+ contain the source device name and the target device
+ mapper name, respectively, and will be shown as part of
+ the prompt.
+
+
+ These variables will normally be inherited from
+ plugin-runner
+ 8mandos, which will
+ normally have inherited them from
+ /scripts/local-top/cryptroot in the
+ initial RAM disk environment, which will
+ have set them from parsing kernel arguments and
+ /conf/conf.d/cryptroot (also in the
+ initial RAM disk environment), which in turn will have been
+ created when the initial RAM disk image was created by
+ /usr/share/initramfs-tools/hooks/cryptroot, by
+ extracting the information of the root file system from
+ /etc/crypttab.
+
+
+ This behavior is meant to exactly mirror the behavior of
+ askpass, the default password prompter.
+
+
+
+
+
+
+
+ FILES
+
+
+ /dev/.initramfs/usplash_fifo
+
+
+ This is the FIFO to where this program
+ will write the commands for usplash8
+ . See fifo7
+ .
+
+
+
+
+ /dev/.initramfs/usplash_outfifo
+
+
+ This is the FIFO where this program
+ will read the password from usplash8
+ . See fifo7
+ .
+
+
+
+
+ /proc
+
+
+ To find the running usplash8
+ , this directory will be searched for
+ numeric entries which will be assumed to be directories.
+ In all those directories, the exe and
+ cmdline entries will be used to
+ determine the name of the running binary, effective user
+ and group ID, and the command line
+ arguments. See proc5
+ .
+
+
+
+
+ /sbin/usplash
+
+
+ This is the name of the binary which will be searched for
+ in the process list. See usplash8
+ .
+
+
+
+
+
+
+
+ BUGS
+
+ Killing usplash
+ 8 and starting a new one
+ is ugly, but necessary as long as it does not support aborting a
+ password request.
+
+
+
+
+ EXAMPLE
+
+ Note that normally, this program will not be invoked directly,
+ but instead started by the Mandos plugin-runner8mandos
+ .
+
+
+
+ This program takes no options.
+
+
+ &COMMANDNAME;
+
+
+
+
+
+ SECURITY
+
+ If this program is killed by a signal, it will kill the process
+ ID which at the start of this program was
+ determined to run usplash8
+ as root (see also ). There is a very
+ slight risk that, in the time between those events, that process
+ ID was freed and then taken up by another
+ process; the wrong process would then be killed. Now, this
+ program can only be killed by the user who started it; see
+ plugin-runner
+ 8mandos. This program
+ should therefore be started by a completely separate
+ non-privileged user, and no other programs should be allowed to
+ run as that special user. This means that it is not recommended
+ to use the user "nobody" to start this program, as other
+ possibly less trusted programs could be running as "nobody", and
+ they would then be able to kill this program, triggering the
+ killing of the process ID which may or may not
+ be usplash
+ 8.
+
+
+ The only other thing that could be considered worthy of note is
+ this: This program is meant to be run by
+ plugin-runner8mandos, and will, when run
+ standalone, outside, in a normal environment, immediately output
+ on its standard output any presumably secret password it just
+ received. Therefore, when running this program standalone
+ (which should never normally be done), take care not to type in
+ any real secret password by force of habit, since it would then
+ immediately be shown as output.
+
+
+
+
+ SEE ALSO
+
+ crypttab
+ 5,
+ fifo
+ 7,
+ plugin-runner
+ 8mandos,
+ proc
+ 5,
+ usplash
+ 8
+
+
+
+
+
+
+
+