/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-10-03 09:32:30 UTC
  • Revision ID: teddy@fukt.bsnet.se-20081003093230-rshn19e0c19zz12i
* .bzrignore (plugins.d/askpass-fifo): Added.

* Makefile (FORTIFY): Added "-fstack-protector-all".
  (mandos, mandos-keygen): Use more strict regexps when updating the
                           version number.

* mandos (Client.__init__): Use os.path.expandvars() and
                            os.path.expanduser() on the "secfile"
                            config value.

* plugins.d/splashy.c: Update comments and order of #include's.
  (main): Check user and group when looking for running splashy
          process.  Do not ignore ENOENT from execl().  Use _exit()
          instead of "return" when an error happens in child
          processes.  Bug fix: Only wait for splashy_update
          completion if it was started.  Bug fix: detect failing
          waitpid().  Only kill splashy_update if it is running.  Do
          the killing of the old splashy process before the fork().
          Do setsid() and setuid(geteuid()) before starting the new
          splashy.  Report failing execl().

* plugins.d/usplash.c: Update comments and order of #include's.
  (main): Check user and group when looking for running usplash
          process.  Do not report execv() error if interrupted by a
          signal.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/password-prompt.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "password-prompt">
5
 
<!ENTITY TIMESTAMP "2019-07-27">
 
5
<!ENTITY TIMESTAMP "2008-09-30">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
 
      <year>2019</year>
46
35
      <holder>Teddy Hogeborn</holder>
47
36
      <holder>Björn Påhlsson</holder>
48
37
    </copyright>
69
58
        >PREFIX</replaceable></arg>
70
59
      </group>
71
60
      <sbr/>
72
 
      <arg choice="opt">
73
 
        <option>--prompt <replaceable>PROMPT</replaceable></option>
74
 
      </arg>
75
61
      <arg choice="opt"><option>--debug</option></arg>
76
62
    </cmdsynopsis>
77
63
    <cmdsynopsis>
98
84
    <title>DESCRIPTION</title>
99
85
    <para>
100
86
      All <command>&COMMANDNAME;</command> does is prompt for a
101
 
      password and output any given password to standard output.
102
 
    </para>
103
 
    <para>
104
 
      This program is not very useful on its own.  This program is
105
 
      really meant to run as a plugin in the <application
106
 
      >Mandos</application> client-side system, where it is used as a
107
 
      fallback and alternative to retrieving passwords from a
108
 
      <application >Mandos</application> server.
 
87
      password and output any given password to standard output.  This
 
88
      is not very useful on its own.  This program is really meant to
 
89
      run as a plugin in the <application>Mandos</application>
 
90
      client-side system, where it is used as a fallback and
 
91
      alternative to retrieving passwords from a <application
 
92
      >Mandos</application> server.
109
93
    </para>
110
94
    <para>
111
95
      This program is little more than a <citerefentry><refentrytitle
113
97
      wrapper, although actual use of that function is not guaranteed
114
98
      or implied.
115
99
    </para>
116
 
    <para>
117
 
      This program tries to detect if a Plymouth daemon
118
 
      (<citerefentry><refentrytitle
119
 
      >plymouthd</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
120
 
      is running, by looking for a
121
 
      <filename>/run/plymouth/pid</filename> file or a process named
122
 
      <quote><literal>plymouthd</literal></quote>.  If it is detected,
123
 
      this process will immediately exit without doing anything.
124
 
    </para>
125
100
  </refsect1>
126
101
  
127
102
  <refsect1 id="options">
150
125
      </varlistentry>
151
126
      
152
127
      <varlistentry>
153
 
        <term><option>--prompt=<replaceable
154
 
        >PROMPT</replaceable></option></term>
155
 
        <listitem>
156
 
          <para>
157
 
            The password prompt.  Using this option will make this
158
 
            program ignore the <envar>CRYPTTAB_SOURCE</envar> and
159
 
            <envar>CRYPTTAB_NAME</envar> environment variables.
160
 
          </para>
161
 
        </listitem>
162
 
      </varlistentry>
163
 
      
164
 
      <varlistentry>
165
128
        <term><option>--debug</option></term>
166
129
        <listitem>
167
130
          <para>
217
180
    <title>ENVIRONMENT</title>
218
181
    <variablelist>
219
182
      <varlistentry>
220
 
        <term><envar>CRYPTTAB_SOURCE</envar></term>
221
 
        <term><envar>CRYPTTAB_NAME</envar></term>
 
183
        <term><envar>cryptsource</envar></term>
 
184
        <term><envar>crypttarget</envar></term>
222
185
        <listitem>
223
186
          <para>
224
 
            If set, and if the <option>--prompt</option> option is not
225
 
            used, these environment variables will be assumed to
 
187
            If set, these environment variables will be assumed to
226
188
            contain the source device name and the target device
227
189
            mapper name, respectively, and will be shown as part of
228
190
            the prompt.
230
192
        <para>
231
193
          These variables will normally be inherited from
232
194
          <citerefentry><refentrytitle>plugin-runner</refentrytitle>
233
 
          <manvolnum>8mandos</manvolnum></citerefentry>, which might
234
 
          have in turn inherited them from its calling process.
 
195
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
 
196
          normally have inherited them from
 
197
          <filename>/scripts/local-top/cryptroot</filename> in the
 
198
          initial <acronym>RAM</acronym> disk environment, which will
 
199
          have set them from parsing kernel arguments and
 
200
          <filename>/conf/conf.d/cryptroot</filename> (also in the
 
201
          initial RAM disk environment), which in turn will have been
 
202
          created when the initial RAM disk image was created by
 
203
          <filename
 
204
          >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
 
205
          extracting the information of the root file system from
 
206
          <filename >/etc/crypttab</filename>.
235
207
        </para>
236
208
        <para>
237
209
          This behavior is meant to exactly mirror the behavior of
238
 
          <command>askpass</command>, the default password prompter
239
 
          from initramfs-tools.
 
210
          <command>askpass</command>, the default password prompter.
240
211
        </para>
241
212
        </listitem>
242
213
      </varlistentry>
245
216
  
246
217
  <refsect1 id="bugs">
247
218
    <title>BUGS</title>
248
 
    <xi:include href="../bugs.xml"/>
 
219
    <para>
 
220
      None are known at this time.
 
221
    </para>
249
222
  </refsect1>
250
223
  
251
224
  <refsect1 id="example">
316
289
  <refsect1 id="see_also">
317
290
    <title>SEE ALSO</title>
318
291
    <para>
319
 
      <citerefentry><refentrytitle>intro</refentrytitle>
320
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
292
      <citerefentry><refentrytitle>crypttab</refentrytitle>
 
293
      <manvolnum>5</manvolnum></citerefentry>
321
294
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
322
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
295
      <manvolnum>8mandos</manvolnum></citerefentry>
323
296
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
324
297
      <manvolnum>8mandos</manvolnum></citerefentry>,
325
 
      <citerefentry><refentrytitle>plymouthd</refentrytitle>
326
 
      <manvolnum>8</manvolnum></citerefentry>
327
298
    </para>
328
299
  </refsect1>
329
300
</refentry>