1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "plugin-runner">
6
<!ENTITY TIMESTAMP "2008-09-05">
5
<!ENTITY TIMESTAMP "2023-04-30">
6
<!ENTITY % common SYSTEM "common.ent">
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
<title>Mandos Manual</title>
12
13
<!-- Nwalsh’s docbook scripts use this to generate the footer: -->
13
14
<productname>Mandos</productname>
14
<productnumber>&VERSION;</productnumber>
15
<productnumber>&version;</productnumber>
15
16
<date>&TIMESTAMP;</date>
18
19
<firstname>Björn</firstname>
19
20
<surname>Påhlsson</surname>
21
<email>belorn@fukt.bsnet.se</email>
22
<email>belorn@recompile.se</email>
25
26
<firstname>Teddy</firstname>
26
27
<surname>Hogeborn</surname>
28
<email>teddy@fukt.bsnet.se</email>
29
<email>teddy@recompile.se</email>
34
46
<holder>Teddy Hogeborn</holder>
35
47
<holder>Björn Påhlsson</holder>
37
49
<xi:include href="legalnotice.xml"/>
41
53
<refentrytitle>&COMMANDNAME;</refentrytitle>
42
54
<manvolnum>8mandos</manvolnum>
48
60
Run Mandos plugins, pass data from first to succeed.
54
66
<command>&COMMANDNAME;</command>
55
67
<group rep="repeat">
56
68
<arg choice="plain"><option>--global-env=<replaceable
57
>VAR</replaceable><literal>=</literal><replaceable
69
>ENV</replaceable><literal>=</literal><replaceable
58
70
>value</replaceable></option></arg>
59
71
<arg choice="plain"><option>-G
60
<replaceable>VAR</replaceable><literal>=</literal><replaceable
72
<replaceable>ENV</replaceable><literal>=</literal><replaceable
61
73
>value</replaceable> </option></arg>
111
123
<arg><option>--plugin-dir=<replaceable
112
124
>DIRECTORY</replaceable></option></arg>
126
<arg><option>--plugin-helper-dir=<replaceable
127
>DIRECTORY</replaceable></option></arg>
114
129
<arg><option>--config-file=<replaceable
115
130
>FILE</replaceable></option></arg>
172
187
<term><option>--global-env
173
<replaceable>VAR</replaceable><literal>=</literal><replaceable
188
<replaceable>ENV</replaceable><literal>=</literal><replaceable
174
189
>value</replaceable></option></term>
176
<replaceable>VAR</replaceable><literal>=</literal><replaceable
191
<replaceable>ENV</replaceable><literal>=</literal><replaceable
177
192
>value</replaceable></option></term>
335
<term><option>--plugin-helper-dir
336
<replaceable>DIRECTORY</replaceable></option></term>
339
Specify a different plugin helper directory. The default
340
is <filename>/lib/mandos/plugin-helpers</filename>, which
341
will exist in the initial <acronym>RAM</acronym> disk
342
environment. (This will simply be passed to all plugins
343
via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
344
variable. See <xref linkend="writing_plugins"/>)
320
350
<term><option>--config-file
321
351
<replaceable>FILE</replaceable></option></term>
393
423
<title>PLUGINS</title>
395
425
This program will get a password by running a number of
396
<firstterm>plugins</firstterm>, which are simply executable
397
programs in a directory in the initial <acronym>RAM</acronym>
398
disk environment. The default directory is
426
<firstterm>plugins</firstterm>, which are executable programs in
427
a directory in the initial <acronym>RAM</acronym> disk
428
environment. The default directory is
399
429
<filename>/lib/mandos/plugins.d</filename>, but this can be
400
430
changed with the <option>--plugin-dir</option> option. The
401
431
plugins are started in parallel, and the first plugin to output
403
433
code will make this plugin-runner output the password from that
404
434
plugin, stop any other plugins, and exit.
407
437
<refsect2 id="writing_plugins">
408
438
<title>WRITING PLUGINS</title>
410
A plugin is simply a program which prints a password to its
411
standard output and then exits with a successful (zero) exit
412
status. If the exit status is not zero, any output on
440
A plugin is an executable program which prints a password to
441
its standard output and then exits with a successful (zero)
442
exit status. If the exit status is not zero, any output on
413
443
standard output will be ignored by the plugin runner. Any
414
444
output on its standard error channel will simply be passed to
415
445
the standard error of the plugin runner, usually the system
449
If the password is a single-line, manually entered passprase,
450
a final trailing newline character should
451
<emphasis>not</emphasis> be printed.
419
454
The plugin will run in the initial RAM disk environment, so
420
455
care must be taken not to depend on any files or running
421
services not available there.
456
services not available there. Any helper executables required
457
by the plugin (which are not in the <envar>PATH</envar>) can
458
be placed in the plugin helper directory, the name of which
459
will be made available to the plugin via the
460
<envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
424
463
The plugin must exit cleanly and free all allocated resources
467
506
only passes on its environment to all the plugins. The
468
507
environment passed to plugins can be modified using the
469
508
<option>--global-env</option> and <option>--env-for</option>
509
options. Also, the <option>--plugin-helper-dir</option> option
510
will affect the environment variable
511
<envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
551
<term><filename class="directory"
552
>/lib/mandos/plugins.d</filename></term>
555
The default plugin directory; can be changed by the
556
<option>--plugin-dir</option> option.
561
<term><filename class="directory"
562
>/lib/mandos/plugin-helpers</filename></term>
565
The default plugin helper directory; can be changed by
566
the <option>--plugin-helper-dir</option> option.
564
626
</informalexample>
565
627
<informalexample>
567
Run plugins from a different directory, read a different
568
configuration file, and add two options to the
569
<citerefentry><refentrytitle >password-request</refentrytitle>
629
Read a different configuration file, run plugins from a
630
different directory, specify an alternate plugin helper
631
directory and add four options to the
632
<citerefentry><refentrytitle >mandos-client</refentrytitle>
570
633
<manvolnum>8mandos</manvolnum></citerefentry> plugin:
574
637
<!-- do not wrap this line -->
575
<userinput>&COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=password-request:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>
638
<userinput>cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,​--seckey=seckey.txt,​--tls-pubkey=tls-pubkey.pem,​--tls-privkey=tls-privkey.pem</userinput>
578
641
</informalexample>
586
649
non-privileged. This user and group is then what all plugins
587
650
will be started as. Therefore, the only way to run a plugin as
588
651
a privileged user is to have the set-user-ID or set-group-ID bit
589
set on the plugin executable files (see <citerefentry>
652
set on the plugin executable file (see <citerefentry>
590
653
<refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
591
654
</citerefentry>).
610
673
<refsect1 id="see_also">
611
674
<title>SEE ALSO</title>
676
<citerefentry><refentrytitle>intro</refentrytitle>
677
<manvolnum>8mandos</manvolnum></citerefentry>,
613
678
<citerefentry><refentrytitle>cryptsetup</refentrytitle>
614
679
<manvolnum>8</manvolnum></citerefentry>,
615
680
<citerefentry><refentrytitle>crypttab</refentrytitle>
620
685
<manvolnum>8</manvolnum></citerefentry>,
621
686
<citerefentry><refentrytitle>password-prompt</refentrytitle>
622
687
<manvolnum>8mandos</manvolnum></citerefentry>,
623
<citerefentry><refentrytitle>password-request</refentrytitle>
688
<citerefentry><refentrytitle>mandos-client</refentrytitle>
624
689
<manvolnum>8mandos</manvolnum></citerefentry>