/mandos/trunk : revision 237.2.13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

Committer: Teddy Hogeborn
Date: 2009-02-13 08:00:47 UTC
mfrom: (315 mandos)
mto: (24.1.170 mandos) (237.4.29 release)
mto: This revision was merged to the branch mainline in revision 316.
Revision ID: teddy@fukt.bsnet.se-20090213080047-eibfmj4j2a9zt53d

Merge from trunk.  Notable changes:

1. Server package now depends on "python-gobject".
2. Permission fix for /lib64.
3. Support for DEVICE setting from initramfs.conf, kernel parameters
    "ip=" and "mandos=connect".
4. Fix for the bug where the server would stop responding, with a
    zombie checker process.
5. Add support for disabling IPv6 in the server
6. Fix for the bug which made the server, plugin-runner and
    mandos-client fail to change group ID.
7. Add GnuTLS debugging to server debug output.
8. Fix for the bug of the "--options-for" option of plugin-runner,
    where it would cut the value at the first colon character.
9. Stop using sscanf() throughout, since it does not detect overflow.
10. Fix for the bug where plugin-runner would not go to the fallback
    if all plugins failed.
11. Fix for the bug where mandos-client would not clean up after a
    signal.
12. Added support for connecting to IPv4 addresses in mandos-client.
13. Added support for not using a specific network interface in
    mandos-client.
14. Kernel log level will be lowered by mandos-client while bringing
    up the network interface.
15. Add an option for the maximum time for mandos-client to wait for
    the network interface to come up.
16. Fix for the bug where mandos-client would not clean the temporary
    directory on some filesystems.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

mandos-ctl

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "plugin-runner">

<!ENTITY TIMESTAMP "2008-09-05">

<!ENTITY TIMESTAMP "2009-01-17">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

Run Mandos plugins, pass data from first to succeed.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--global-env=<replaceable

>VAR</replaceable><literal>=</literal><replaceable

>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable></option></arg>

<arg choice="plain"><option>-G

<replaceable>VAR</replaceable><literal>=</literal><replaceable

<replaceable>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable> </option></arg>

</group>

<sbr/>

170

172

171

173

172

174

<term><option>--global-env

173

<replaceable>VAR</replaceable><literal>=</literal><replaceable

175

<replaceable>ENV</replaceable><literal>=</literal><replaceable

174

176

>value</replaceable></option></term>

175

177

<term><option>-G

176

<replaceable>VAR</replaceable><literal>=</literal><replaceable

178

<replaceable>ENV</replaceable><literal>=</literal><replaceable

177

179

>value</replaceable></option></term>

178

180

179

181

<para>

247

249

</para>

248

250

</listitem>

249

251

</varlistentry>

250

252

251

253

252

254

<term><option>--disable

253

255

<replaceable>PLUGIN</replaceable></option></term>

261

263

</para>

262

264

</listitem>

263

265

</varlistentry>

264

266

265

267

266

268

<term><option>--enable

267

269

<replaceable>PLUGIN</replaceable></option></term>

276

278

</para>

277

279

</listitem>

278

280

</varlistentry>

279

281

280

282

281

283

<term><option>--groupid

282

284

289

291

</para>

290

292

</listitem>

291

293

</varlistentry>

292

294

293

295

294

296

<term><option>--userid

295

297

302

304

</para>

303

305

</listitem>

304

306

</varlistentry>

305

307

306

308

307

309

<term><option>--plugin-dir

308

310

<replaceable>DIRECTORY</replaceable></option></term>

365

367

</para>

366

368

</listitem>

367

369

</varlistentry>

368

370

369

371

370

372

<term><option>--version</option></term>

371

373

377

379

</varlistentry>

378

380

</variablelist>

379

381

</refsect1>

380

382

381

383

382

384

<title>OVERVIEW</title>

383

385

<xi:include href="overview.xml"/>

403

405

code will make this plugin-runner output the password from that

404

406

plugin, stop any other plugins, and exit.

405

407

</para>

406

408

407

409

408

410

<title>WRITING PLUGINS</title>

409

411

<para>

416

418

console.

417

419

</para>

418

420

<para>

421

If the password is a single-line, manually entered passprase,

422

a final trailing newline character should

423

<emphasis>not</emphasis> be printed.

424

</para>

425

<para>

419

426

The plugin will run in the initial RAM disk environment, so

420

427

care must be taken not to depend on any files or running

421

428

services not available there.

566

573

<para>

567

574

Run plugins from a different directory, read a different

568

575

configuration file, and add two options to the

569

<citerefentry><refentrytitle >password-request</refentrytitle>

576

<citerefentry><refentrytitle >mandos-client</refentrytitle>

570

577

<manvolnum>8mandos</manvolnum></citerefentry> plugin:

571

578

</para>

572

579

<para>

573

580

574

581

575

<userinput>&COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=password-request:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>

582

<userinput>cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>

576

583

577

584

</para>

578

585

</informalexample>

620

627

<manvolnum>8</manvolnum></citerefentry>,

621

628

<citerefentry><refentrytitle>password-prompt</refentrytitle>

622

629

<manvolnum>8mandos</manvolnum></citerefentry>,

623

<citerefentry><refentrytitle>password-request</refentrytitle>

630

<citerefentry><refentrytitle>mandos-client</refentrytitle>

624

631

<manvolnum>8mandos</manvolnum></citerefentry>

625

632

</para>

626

633

</refsect1>

Older »