/mandos/trunk : revision 237.4.114

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/plymouth.xml

Committer: Teddy Hogeborn
Date: 2019-04-09 20:09:51 UTC
mto: This revision was merged to the branch mainline in revision 1100.
Revision ID: teddy@recompile.se-20190409200951-zgdjfh0mftlqz8pn

Tags: version-1.8.4-1

http://bugs.debian.org/926641

http://bugs.debian.org/926643

* Makefile (version): Change to 1.8.4.
* NEWS (Version 1.8.4): Add new entry.
* debian/changelog (1.8.4-1): - '' -

files added:
DBUS-API

bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/plymouth.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "plymouth">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

<refpurpose>Mandos plugin to use plymouth to get a

password.</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

</refsynopsisdiv>

<title>DESCRIPTION</title>

<para>

This program prompts for a password using <citerefentry>

<refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum>

</citerefentry> and outputs any given password to standard

output. If no <citerefentry><refentrytitle

>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>

process can be found, this program will immediately exit with an

exit code indicating failure.

</para>

<para>

This program is not very useful on its own. This program is

really meant to run as a plugin in the <application

>Mandos</application> client-side system, where it is used as a

fallback and alternative to retrieving passwords from a

<application >Mandos</application> server.

</para>

<para>

If this program is killed (presumably by

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

<manvolnum>8mandos</manvolnum></citerefentry> because some other

plugin provided the password), it cannot tell <citerefentry>

<refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum>

</citerefentry> to abort requesting a password, because

<citerefentry><refentrytitle>plymouth</refentrytitle>

<manvolnum>8</manvolnum></citerefentry> does not support this.

Therefore, this program will then <emphasis>kill</emphasis> the

running <citerefentry><refentrytitle>plymouth</refentrytitle>

<manvolnum>8</manvolnum></citerefentry> process and start a

<emphasis>new</emphasis> one using the same command line

arguments as the old one was using.

</para>

100

</refsect1>

101

102

103

<title>OPTIONS</title>

104

<para>

105

This program takes no options.

106

</para>

107

</refsect1>

108

109

110

<title>EXIT STATUS</title>

111

<para>

112

If exit status is 0, the output from the program is the password

113

as it was read. Otherwise, if exit status is other than 0, the

114

program was interrupted or encountered an error, and any output

115

so far could be corrupt and/or truncated, and should therefore

116

be ignored.

117

</para>

118

</refsect1>

119

120

121

<title>ENVIRONMENT</title>

122

123

124

<term><envar>cryptsource</envar></term>

125

<term><envar>crypttarget</envar></term>

126

127

<para>

128

If set, these environment variables will be assumed to

129

contain the source device name and the target device

130

mapper name, respectively, and will be shown as part of

131

the prompt.

132

</para>

133

<para>

134

These variables will normally be inherited from

135

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

136

<manvolnum>8mandos</manvolnum></citerefentry>, which will

137

normally have inherited them from

138

<filename>/scripts/local-top/cryptroot</filename> in the

139

initial <acronym>RAM</acronym> disk environment, which will

140

have set them from parsing kernel arguments and

141

<filename>/conf/conf.d/cryptroot</filename> (also in the

142

initial RAM disk environment), which in turn will have been

143

created when the initial RAM disk image was created by

144

<filename

145

>/usr/share/initramfs-tools/hooks/cryptroot</filename>, by

146

extracting the information of the root file system from

147

<filename >/etc/crypttab</filename>.

148

</para>

149

<para>

150

This behavior is meant to exactly mirror the behavior of

151

<command>askpass</command>, the default password prompter.

152

</para>

153

</listitem>

154

</varlistentry>

155

</variablelist>

156

</refsect1>

157

158

159

<title>FILES</title>

160

161

162

<term><filename>/bin/plymouth</filename></term>

163

164

<para>

165

This is the command run to retrieve a password from

166

<citerefentry><refentrytitle>plymouth</refentrytitle>

167

<manvolnum>8</manvolnum></citerefentry>.

168

</para>

169

</listitem>

170

</varlistentry>

171

172

173

174

<para>

175

To find the running <citerefentry><refentrytitle

176

>plymouth</refentrytitle><manvolnum>8</manvolnum>

177

</citerefentry>, this directory will be searched for

178

numeric entries which will be assumed to be directories.

179

In all those directories, the <filename>exe</filename> and

180

<filename>cmdline</filename> entries will be used to

181

determine the name of the running binary, effective user

182

and group <abbrev>ID</abbrev>, and the command line

183

arguments. See <citerefentry><refentrytitle

184

>proc</refentrytitle><manvolnum>5</manvolnum>

185

</citerefentry>.

186

</para>

187

</listitem>

188

</varlistentry>

189

190

<term><filename>/sbin/plymouthd</filename></term>

191

192

<para>

193

This is the name of the binary which will be searched for

194

in the process list. See <citerefentry><refentrytitle

195

>plymouth</refentrytitle><manvolnum>8</manvolnum>

196

</citerefentry>.

197

</para>

198

</listitem>

199

</varlistentry>

200

</variablelist>

201

</refsect1>

202

203

204

205

<para>

206

Killing the <citerefentry><refentrytitle

207

>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>

208

daemon and starting a new one is ugly, but necessary as long as

209

it does not support aborting a password request.

210

</para>

211

<xi:include href="../bugs.xml"/>

212

</refsect1>

213

214

215

<title>EXAMPLE</title>

216

<para>

217

Note that normally, this program will not be invoked directly,

218

but instead started by the Mandos <citerefentry><refentrytitle

219

>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>

220

</citerefentry>.

221

</para>

222

223

<para>

224

This program takes no options.

225

</para>

226

<para>

227

<userinput>&COMMANDNAME;</userinput>

228

</para>

229

</informalexample>

230

</refsect1>

231

232

233

<title>SECURITY</title>

234

<para>

235

If this program is killed by a signal, it will kill the process

236

<abbrev>ID</abbrev> which at the start of this program was

237

determined to run <citerefentry><refentrytitle

238

>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>

239

as root (see also <xref linkend="files"/>). There is a very

240

slight risk that, in the time between those events, that process

241

<abbrev>ID</abbrev> was freed and then taken up by another

242

process; the wrong process would then be killed. Now, this

243

program can only be killed by the user who started it; see

244

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

245

<manvolnum>8mandos</manvolnum></citerefentry>. This program

246

should therefore be started by a completely separate

247

non-privileged user, and no other programs should be allowed to

248

run as that special user. This means that it is not recommended

249

to use the user "nobody" to start this program, as other

250

possibly less trusted programs could be running as "nobody", and

251

they would then be able to kill this program, triggering the

252

killing of the process <abbrev>ID</abbrev> which may or may not

253

be <citerefentry><refentrytitle>plymouth</refentrytitle>

254

<manvolnum>8</manvolnum></citerefentry>.

255

</para>

256

<para>

257

The only other thing that could be considered worthy of note is

258

this: This program is meant to be run by <citerefentry>

259

<refentrytitle>plugin-runner</refentrytitle><manvolnum

260

>8mandos</manvolnum></citerefentry>, and will, when run

261

standalone, outside, in a normal environment, immediately output

262

on its standard output any presumably secret password it just

263

received. Therefore, when running this program standalone

264

(which should never normally be done), take care not to type in

265

any real secret password by force of habit, since it would then

266

immediately be shown as output.

267

</para>

268

</refsect1>

269

270

271

272

<para>

273

<citerefentry><refentrytitle>intro</refentrytitle>

274

<manvolnum>8mandos</manvolnum></citerefentry>,

275

<citerefentry><refentrytitle>crypttab</refentrytitle>

276

<manvolnum>5</manvolnum></citerefentry>,

277

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

278

<manvolnum>8mandos</manvolnum></citerefentry>,

279

280

<manvolnum>5</manvolnum></citerefentry>,

281

<citerefentry><refentrytitle>plymouth</refentrytitle>

282

283

</para>

284

</refsect1>

285

</refentry>

286

287

288

289

290

Older »