To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/password-request.xml
- browse files at revision 147
- compare with another revision
- download diff
- download tarball
- view history from revision 147
- Committer: Teddy Hogeborn
- Date: 2008-09-03 17:11:32 UTC
- Revision ID: teddy@fukt.bsnet.se-20080903171132-usevhlf0gi9rxqc3
* plugins.d/password-request.c (init_gnutls_global): Improved wording
in debug message.
Bug fix: Make
debug message
print to stderr,
not stdout.
* plugins.d/password-request.xml (SECURITY): Add text.
in debug message.
Bug fix: Make
debug message
print to stderr,
not stdout.
* plugins.d/password-request.xml (SECURITY): Add text.
- files added:
- .bzrignore
- plugins.d
- files removed:
- bad-ca.pem
- files renamed:
- mandos-clients.conf => clients.conf
- server.py => mandos
- files modified:
- Makefile
added
removed
plugins.d/password-request.xml
1
<?xml version="1.0" encoding="UTF-8"?>
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY VERSION "1.0">
5
<!ENTITY COMMANDNAME "password-request">
6
<!ENTITY TIMESTAMP "2008-09-03">
7
]>
8
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
10
<refentryinfo>
11
<title>Mandos Manual</title>
12
<!-- Nwalsh’s docbook scripts use this to generate the footer: -->
13
<productname>Mandos</productname>
14
<productnumber>&VERSION;</productnumber>
15
<date>&TIMESTAMP;</date>
16
<authorgroup>
17
<author>
18
<firstname>Björn</firstname>
19
<surname>Påhlsson</surname>
20
<address>
21
<email>belorn@fukt.bsnet.se</email>
22
</address>
23
</author>
24
<author>
25
<firstname>Teddy</firstname>
26
<surname>Hogeborn</surname>
27
<address>
28
<email>teddy@fukt.bsnet.se</email>
29
</address>
30
</author>
31
</authorgroup>
32
<copyright>
33
<year>2008</year>
34
<holder>Teddy Hogeborn</holder>
35
<holder>Björn Påhlsson</holder>
36
</copyright>
37
<xi:include href="../legalnotice.xml"/>
38
</refentryinfo>
39
40
<refmeta>
41
<refentrytitle>&COMMANDNAME;</refentrytitle>
42
<manvolnum>8mandos</manvolnum>
43
</refmeta>
44
45
<refnamediv>
46
<refname><command>&COMMANDNAME;</command></refname>
47
<refpurpose>
48
Client for mandos
49
</refpurpose>
50
</refnamediv>
51
52
<refsynopsisdiv>
53
<cmdsynopsis>
54
<command>&COMMANDNAME;</command>
55
<group>
56
<arg choice="plain"><option>--connect
57
<replaceable>IPADDR</replaceable><literal>:</literal
58
><replaceable>PORT</replaceable></option></arg>
59
<arg choice="plain"><option>-c
60
<replaceable>IPADDR</replaceable><literal>:</literal
61
><replaceable>PORT</replaceable></option></arg>
62
</group>
63
<sbr/>
64
<group>
65
<arg choice="plain"><option>--keydir
66
<replaceable>DIRECTORY</replaceable></option></arg>
67
<arg choice="plain"><option>-d
68
<replaceable>DIRECTORY</replaceable></option></arg>
69
</group>
70
<sbr/>
71
<group>
72
<arg choice="plain"><option>--interface
73
<replaceable>NAME</replaceable></option></arg>
74
<arg choice="plain"><option>-i
75
<replaceable>NAME</replaceable></option></arg>
76
</group>
77
<sbr/>
78
<group>
79
<arg choice="plain"><option>--pubkey
80
<replaceable>FILE</replaceable></option></arg>
81
<arg choice="plain"><option>-p
82
<replaceable>FILE</replaceable></option></arg>
83
</group>
84
<sbr/>
85
<group>
86
<arg choice="plain"><option>--seckey
87
<replaceable>FILE</replaceable></option></arg>
88
<arg choice="plain"><option>-s
89
<replaceable>FILE</replaceable></option></arg>
90
</group>
91
<sbr/>
92
<arg>
93
<option>--priority <replaceable>STRING</replaceable></option>
94
</arg>
95
<sbr/>
96
<arg>
97
<option>--dh-bits <replaceable>BITS</replaceable></option>
98
</arg>
99
<sbr/>
100
<arg>
101
<option>--debug</option>
102
</arg>
103
</cmdsynopsis>
104
<cmdsynopsis>
105
<command>&COMMANDNAME;</command>
106
<group choice="req">
107
<arg choice="plain"><option>--help</option></arg>
108
<arg choice="plain"><option>-?</option></arg>
109
</group>
110
</cmdsynopsis>
111
<cmdsynopsis>
112
<command>&COMMANDNAME;</command>
113
<arg choice="plain"><option>--usage</option></arg>
114
</cmdsynopsis>
115
<cmdsynopsis>
116
<command>&COMMANDNAME;</command>
117
<group choice="req">
118
<arg choice="plain"><option>--version</option></arg>
119
<arg choice="plain"><option>-V</option></arg>
120
</group>
121
</cmdsynopsis>
122
</refsynopsisdiv>
123
124
<refsect1 id="description">
125
<title>DESCRIPTION</title>
126
<para>
127
<command>&COMMANDNAME;</command> is a client program that
128
communicates with <citerefentry><refentrytitle
129
>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>
130
to get a password. It uses IPv6 link-local addresses to get
131
network connectivity, Zeroconf to find servers, and TLS with an
132
OpenPGP key to ensure authenticity and confidentiality. It
133
keeps running, trying all servers on the network, until it
134
receives a satisfactory reply or a TERM signal is recieved.
135
</para>
136
<para>
137
This program is not meant to be run directly; it is really meant
138
to run as a plugin of the <application>Mandos</application>
139
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
140
<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the
141
initial <acronym>RAM</acronym> disk environment because it is
142
specified as a <quote>keyscript</quote> in the <citerefentry>
143
<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>
144
</citerefentry> file.
145
</para>
146
</refsect1>
147
148
<refsect1 id="purpose">
149
<title>PURPOSE</title>
150
<para>
151
The purpose of this is to enable <emphasis>remote and unattended
152
rebooting</emphasis> of client host computer with an
153
<emphasis>encrypted root file system</emphasis>. See <xref
154
linkend="overview"/> for details.
155
</para>
156
</refsect1>
157
158
<refsect1 id="options">
159
<title>OPTIONS</title>
160
<para>
161
This program is commonly not invoked from the command line; it
162
is normally started by the <application>Mandos</application>
163
plugin runner, see <citerefentry><refentrytitle
164
>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
165
</citerefentry>. Any command line options this program accepts
166
are therefore normally provided by the plugin runner, and not
167
directly.
168
</para>
169
170
<variablelist>
171
<varlistentry>
172
<term><option>--connect=<replaceable
173
>ADDRESS</replaceable><literal>:</literal><replaceable
174
>PORT</replaceable></option></term>
175
<term><option>-c
176
<replaceable>ADDRESS</replaceable><literal>:</literal
177
><replaceable>PORT</replaceable></option></term>
178
<listitem>
179
<para>
180
Do not use Zeroconf to locate servers. Connect directly
181
to only one specified <application>Mandos</application>
182
server. Note that an IPv6 address has colon characters in
183
it, so the <emphasis>last</emphasis> colon character is
184
assumed to separate the address from the port number.
185
</para>
186
<para>
187
This option is normally only useful for testing and
188
debugging.
189
</para>
190
</listitem>
191
</varlistentry>
192
193
<varlistentry>
194
<term><option>--keydir=<replaceable
195
>DIRECTORY</replaceable></option></term>
196
<term><option>-d
197
<replaceable>DIRECTORY</replaceable></option></term>
198
<listitem>
199
<para>
200
Directory to read the OpenPGP key files
201
<filename>pubkey.txt</filename> and
202
<filename>seckey.txt</filename> from. The default is
203
<filename>/conf/conf.d/mandos</filename> (in the initial
204
<acronym>RAM</acronym> disk environment).
205
</para>
206
</listitem>
207
</varlistentry>
208
209
<varlistentry>
210
<term><option>--interface=
211
<replaceable>NAME</replaceable></option></term>
212
<term><option>-i
213
<replaceable>NAME</replaceable></option></term>
214
<listitem>
215
<para>
216
Network interface that will be brought up and scanned for
217
Mandos servers to connect to. The default it
218
<quote><literal>eth0</literal></quote>.
219
</para>
220
<para>
221
If the <option>--connect</option> option is used, this
222
specifies the interface to use to connect to the address
223
given.
224
</para>
225
</listitem>
226
</varlistentry>
227
228
<varlistentry>
229
<term><option>--pubkey=<replaceable
230
>FILE</replaceable></option></term>
231
<term><option>-p
232
<replaceable>FILE</replaceable></option></term>
233
<listitem>
234
<para>
235
OpenPGP public key file base name. This will be combined
236
with the directory from the <option>--keydir</option>
237
option to form an absolute file name. The default name is
238
<quote><literal>pubkey.txt</literal></quote>.
239
</para>
240
</listitem>
241
</varlistentry>
242
243
<varlistentry>
244
<term><option>--seckey=<replaceable
245
>FILE</replaceable></option></term>
246
<term><option>-s
247
<replaceable>FILE</replaceable></option></term>
248
<listitem>
249
<para>
250
OpenPGP secret key file base name. This will be combined
251
with the directory from the <option>--keydir</option>
252
option to form an absolute file name. The default name is
253
<quote><literal>seckey.txt</literal></quote>.
254
</para>
255
</listitem>
256
</varlistentry>
257
258
<varlistentry>
259
<term><option>--priority=<replaceable
260
>STRING</replaceable></option></term>
261
<listitem>
262
<xi:include href="../mandos-options.xml"
263
xpointer="priority"/>
264
</listitem>
265
</varlistentry>
266
267
<varlistentry>
268
<term><option>--dh-bits=<replaceable
269
>BITS</replaceable></option></term>
270
<listitem>
271
<para>
272
Sets the number of bits to use for the prime number in the
273
TLS Diffie-Hellman key exchange. Default is 1024.
274
</para>
275
</listitem>
276
</varlistentry>
277
278
<varlistentry>
279
<term><option>--debug</option></term>
280
<listitem>
281
<para>
282
Enable debug mode. This will enable a lot of output to
283
standard error about what the program is doing. The
284
program will still perform all other functions normally.
285
</para>
286
<para>
287
It will also enable debug mode in the Avahi and GnuTLS
288
libraries, making them print large amounts of debugging
289
output.
290
</para>
291
</listitem>
292
</varlistentry>
293
294
<varlistentry>
295
<term><option>--help</option></term>
296
<term><option>-?</option></term>
297
<listitem>
298
<para>
299
Gives a help message about options and their meanings.
300
</para>
301
</listitem>
302
</varlistentry>
303
304
<varlistentry>
305
<term><option>--usage</option></term>
306
<listitem>
307
<para>
308
Gives a short usage message.
309
</para>
310
</listitem>
311
</varlistentry>
312
313
<varlistentry>
314
<term><option>--version</option></term>
315
<term><option>-V</option></term>
316
<listitem>
317
<para>
318
Prints the program version.
319
</para>
320
</listitem>
321
</varlistentry>
322
</variablelist>
323
</refsect1>
324
325
<refsect1 id="overview">
326
<title>OVERVIEW</title>
327
<xi:include href="../overview.xml"/>
328
<para>
329
This program is the client part. It is a plugin started by
330
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
331
<manvolnum>8mandos</manvolnum></citerefentry> which will run in
332
an initial <acronym>RAM</acronym> disk environment.
333
</para>
334
<para>
335
This program could, theoretically, be used as a keyscript in
336
<filename>/etc/crypttab</filename>, but it would then be
337
impossible to enter a password for the encrypted root disk at
338
the console, since this program does not read from the console
339
at all. This is why a separate plugin does that, which will be
340
run in parallell to this one by the plugin runner.
341
</para>
342
</refsect1>
343
344
<refsect1 id="exit_status">
345
<title>EXIT STATUS</title>
346
<para>
347
This program will exit with a successful (zero) exit status if a
348
server could be found and the password received from it could be
349
successfully decrypted and output on standard output. The
350
program will exit with a non-zero exit status only if a critical
351
error occurs. Otherwise, it will forever connect to new
352
<application>Mandos</application> servers as they appear, trying
353
to get a decryptable password.
354
</para>
355
</refsect1>
356
357
<refsect1 id="environment">
358
<title>ENVIRONMENT</title>
359
<para>
360
This program does not use any environment variables, not even
361
the ones provided by <citerefentry><refentrytitle
362
>cryptsetup</refentrytitle><manvolnum>8</manvolnum>
363
</citerefentry>.
364
</para>
365
</refsect1>
366
367
<refsect1 id="file">
368
<title>FILES</title>
369
<variablelist>
370
<varlistentry>
371
<term><filename>/conf/conf.d/mandos/pubkey.txt</filename
372
></term>
373
<term><filename>/conf/conf.d/mandos/seckey.txt</filename
374
></term>
375
<listitem>
376
<para>
377
OpenPGP public and private key files, in <quote>ASCII
378
Armor</quote> format. These are the default file names,
379
they can be changed with the <option>--pubkey</option> and
380
<option>--seckey</option> options.
381
</para>
382
</listitem>
383
</varlistentry>
384
</variablelist>
385
</refsect1>
386
387
<!-- <refsect1 id="bugs"> -->
388
<!-- <title>BUGS</title> -->
389
<!-- <para> -->
390
<!-- </para> -->
391
<!-- </refsect1> -->
392
393
<refsect1 id="example">
394
<title>EXAMPLE</title>
395
<para>
396
Note that normally, command line options will not be given
397
directly, but via options for the Mandos <citerefentry
398
><refentrytitle>plugin-runner</refentrytitle>
399
<manvolnum>8mandos</manvolnum></citerefentry>.
400
</para>
401
<informalexample>
402
<para>
403
Normal invocation needs no options, if the network interface
404
is <quote>eth0</quote>:
405
</para>
406
<para>
407
<userinput>&COMMANDNAME;</userinput>
408
</para>
409
</informalexample>
410
<informalexample>
411
<para>
412
Search for Mandos servers on another interface:
413
</para>
414
<para>
415
<!-- do not wrap this line -->
416
<userinput>&COMMANDNAME; --interface eth1</userinput>
417
</para>
418
</informalexample>
419
<informalexample>
420
<para>
421
Run in debug mode, and use a custom key directory:
422
</para>
423
<para>
424
<!-- do not wrap this line -->
425
<userinput>&COMMANDNAME; --debug --keydir keydir</userinput>
426
</para>
427
</informalexample>
428
<informalexample>
429
<para>
430
Run in debug mode, with a custom key directory, and do not use
431
Zeroconf to locate a server; connect directly to the IPv6
432
address <quote><systemitem class="ipaddress"
433
>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,
434
port 4711, using interface eth2:
435
</para>
436
<para>
437
438
<!-- do not wrap this line -->
439
<userinput>&COMMANDNAME; --debug --keydir keydir --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>
440
441
</para>
442
</informalexample>
443
</refsect1>
444
445
<refsect1 id="security">
446
<title>SECURITY</title>
447
<para>
448
This program is set-uid to root, but will switch back to the
449
original user and group after bringing up the network interface.
450
</para>
451
<para>
452
To use this program for its intended purpose (see <xref
453
linkend="purpose"/>), the password for the root file system will
454
have to be given out to be stored in a server computer, after
455
having been encrypted using an OpenPGP key. This encrypted data
456
which will be stored in a server can only be decrypted by the
457
OpenPGP key, and the data will only be given out to those
458
clients who can prove they actually have that key. This key,
459
however, is stored unencrypted on the client side in its initial
460
<acronym>RAM</acronym> disk image file system. This is normally
461
readable by all, but this is normally fixed during installation
462
of this program; file permissions are set so that no-one is able
463
to read that file.
464
</para>
465
<para>
466
The only remaining weak point is that someone with physical
467
access to the client hard drive might turn off the client
468
computer, read the OpenPGP keys directly from the hard drive,
469
and communicate with the server. The defense against this is
470
that the server is supposed to notice the client disappearing
471
and will stop giving out the encrypted data. Therefore, it is
472
important to set the timeout and checker interval values tightly
473
on the server. See <citerefentry><refentrytitle
474
>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
475
</para>
476
<para>
477
<emphasis>Note</emphasis>: This makes it impossible to have
478
<application >Mandos</application> clients which dual-boot to
479
another operating system which does <emphasis>not</emphasis> run
480
a <application>Mandos</application> client.
481
</para>
482
</refsect1>
483
484
<refsect1 id="see_also">
485
<title>SEE ALSO</title>
486
<para>
487
<citerefentry><refentrytitle>mandos</refentrytitle>
488
<manvolnum>8</manvolnum></citerefentry>,
489
<citerefentry><refentrytitle>password-prompt</refentrytitle>
490
<manvolnum>8mandos</manvolnum></citerefentry>,
491
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
492
<manvolnum>8mandos</manvolnum></citerefentry>
493
</para>
494
<itemizedlist>
495
<listitem><para>
496
<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
497
</para></listitem>
498
499
<listitem><para>
500
<ulink url="http://www.avahi.org/">Avahi</ulink>
501
</para></listitem>
502
503
<listitem><para>
504
<ulink
505
url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
506
</para></listitem>
507
508
<listitem><para>
509
<ulink
510
url="http://www.gnupg.org/related_software/gpgme/"
511
>GPGME</ulink>
512
</para></listitem>
513
514
<listitem><para>
515
<citation>RFC 4880: <citetitle>OpenPGP Message
516
Format</citetitle></citation>
517
</para></listitem>
518
519
<listitem><para>
520
<citation>RFC 5081: <citetitle>Using OpenPGP Keys for
521
Transport Layer Security</citetitle></citation>
522
</para></listitem>
523
524
<listitem><para>
525
<citation>RFC 4291: <citetitle>IP Version 6 Addressing
526
Architecture</citetitle>, section 2.5.6, Link-Local IPv6
527
Unicast Addresses</citation>
528
</para></listitem>
529
</itemizedlist>
530
</refsect1>
531
532
</refentry>
533
<!-- Local Variables: -->
534
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
535
<!-- time-stamp-end: "[\"']>" -->
536
<!-- time-stamp-format: "%:y-%02m-%02d" -->
537
<!-- End: -->
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0