/mandos/trunk : revision 24.1.186

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/usplash.xml

Committer: Björn Påhlsson
Date: 2011-10-02 19:18:24 UTC
mto: This revision was merged to the branch mainline in revision 505.
Revision ID: belorn@fukt.bsnet.se-20111002191824-eweh4pvneeg3qzia

transitional stuff actually working
documented change to D-Bus API

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

intro.xml

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files renamed:
mandos-clients.conf => clients.conf

server.py => mandos

plugbasedclient.c => plugin-runner.c

plugins.d/mandosclient.c => plugins.d/mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/usplash.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "usplash">

<!ENTITY TIMESTAMP "2011-08-08">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

<refpurpose>Mandos plugin to use usplash to get a

password.</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

</refsynopsisdiv>

<title>DESCRIPTION</title>

<para>

This program prompts for a password using <citerefentry>

<refentrytitle>usplash</refentrytitle><manvolnum>8</manvolnum>

</citerefentry> and outputs any given password to standard

output. If no <citerefentry><refentrytitle

>usplash</refentrytitle><manvolnum>8</manvolnum></citerefentry>

process can be found, this program will immediately exit with an

exit code indicating failure.

</para>

<para>

This program is not very useful on its own. This program is

really meant to run as a plugin in the <application

>Mandos</application> client-side system, where it is used as a

fallback and alternative to retrieving passwords from a

<application >Mandos</application> server.

</para>

<para>

If this program is killed (presumably by

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

<manvolnum>8mandos</manvolnum></citerefentry> because some other

plugin provided the password), it cannot tell <citerefentry>

<refentrytitle>usplash</refentrytitle><manvolnum>8</manvolnum>

</citerefentry> to abort requesting a password, because

<citerefentry><refentrytitle>usplash</refentrytitle>

<manvolnum>8</manvolnum></citerefentry> does not support this.

Therefore, this program will then <emphasis>kill</emphasis> the

running <citerefentry><refentrytitle>usplash</refentrytitle>

<manvolnum>8</manvolnum></citerefentry> process and start a

<emphasis>new</emphasis> one using the same command line

arguments as the old one was using.

</para>

</refsect1>

<title>OPTIONS</title>

<para>

This program takes no options.

</para>

100

</refsect1>

101

102

103

<title>EXIT STATUS</title>

104

<para>

105

If exit status is 0, the output from the program is the password

106

as it was read. Otherwise, if exit status is other than 0, the

107

program was interrupted or encountered an error, and any output

108

so far could be corrupt and/or truncated, and should therefore

109

be ignored.

110

</para>

111

</refsect1>

112

113

114

<title>ENVIRONMENT</title>

115

116

117

<term><envar>cryptsource</envar></term>

118

<term><envar>crypttarget</envar></term>

119

120

<para>

121

If set, these environment variables will be assumed to

122

contain the source device name and the target device

123

mapper name, respectively, and will be shown as part of

124

the prompt.

125

</para>

126

<para>

127

These variables will normally be inherited from

128

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

129

<manvolnum>8mandos</manvolnum></citerefentry>, which will

130

normally have inherited them from

131

<filename>/scripts/local-top/cryptroot</filename> in the

132

initial <acronym>RAM</acronym> disk environment, which will

133

have set them from parsing kernel arguments and

134

<filename>/conf/conf.d/cryptroot</filename> (also in the

135

initial RAM disk environment), which in turn will have been

136

created when the initial RAM disk image was created by

137

<filename

138

>/usr/share/initramfs-tools/hooks/cryptroot</filename>, by

139

extracting the information of the root file system from

140

<filename >/etc/crypttab</filename>.

141

</para>

142

<para>

143

This behavior is meant to exactly mirror the behavior of

144

<command>askpass</command>, the default password prompter.

145

</para>

146

</listitem>

147

</varlistentry>

148

</variablelist>

149

</refsect1>

150

151

152

<title>FILES</title>

153

154

155

<term><filename>/dev/.initramfs/usplash_fifo</filename></term>

156

157

<para>

158

This is the <acronym>FIFO</acronym> to where this program

159

will write the commands for <citerefentry><refentrytitle

160

>usplash</refentrytitle><manvolnum>8</manvolnum>

161

</citerefentry>. See <citerefentry><refentrytitle

162

>fifo</refentrytitle><manvolnum>7</manvolnum>

163

</citerefentry>.

164

</para>

165

</listitem>

166

</varlistentry>

167

168

<term><filename>/dev/.initramfs/usplash_outfifo</filename></term>

169

170

<para>

171

This is the <acronym>FIFO</acronym> where this program

172

will read the password from <citerefentry><refentrytitle

173

>usplash</refentrytitle><manvolnum>8</manvolnum>

174

</citerefentry>. See <citerefentry><refentrytitle

175

>fifo</refentrytitle><manvolnum>7</manvolnum>

176

</citerefentry>.

177

</para>

178

</listitem>

179

</varlistentry>

180

181

182

183

<para>

184

To find the running <citerefentry><refentrytitle

185

>usplash</refentrytitle><manvolnum>8</manvolnum>

186

</citerefentry>, this directory will be searched for

187

numeric entries which will be assumed to be directories.

188

In all those directories, the <filename>exe</filename> and

189

<filename>cmdline</filename> entries will be used to

190

determine the name of the running binary, effective user

191

and group <abbrev>ID</abbrev>, and the command line

192

arguments. See <citerefentry><refentrytitle

193

>proc</refentrytitle><manvolnum>5</manvolnum>

194

</citerefentry>.

195

</para>

196

</listitem>

197

</varlistentry>

198

199

<term><filename>/sbin/usplash</filename></term>

200

201

<para>

202

This is the name of the binary which will be searched for

203

in the process list. See <citerefentry><refentrytitle

204

>usplash</refentrytitle><manvolnum>8</manvolnum>

205

</citerefentry>.

206

</para>

207

</listitem>

208

</varlistentry>

209

</variablelist>

210

</refsect1>

211

212

213

214

<para>

215

Killing <citerefentry><refentrytitle>usplash</refentrytitle>

216

<manvolnum>8</manvolnum></citerefentry> and starting a new one

217

is ugly, but necessary as long as it does not support aborting a

218

password request.

219

</para>

220

</refsect1>

221

222

223

<title>EXAMPLE</title>

224

<para>

225

Note that normally, this program will not be invoked directly,

226

but instead started by the Mandos <citerefentry><refentrytitle

227

>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>

228

</citerefentry>.

229

</para>

230

231

<para>

232

This program takes no options.

233

</para>

234

<para>

235

<userinput>&COMMANDNAME;</userinput>

236

</para>

237

</informalexample>

238

</refsect1>

239

240

241

<title>SECURITY</title>

242

<para>

243

If this program is killed by a signal, it will kill the process

244

<abbrev>ID</abbrev> which at the start of this program was

245

determined to run <citerefentry><refentrytitle

246

>usplash</refentrytitle><manvolnum>8</manvolnum></citerefentry>

247

as root (see also <xref linkend="files"/>). There is a very

248

slight risk that, in the time between those events, that process

249

<abbrev>ID</abbrev> was freed and then taken up by another

250

process; the wrong process would then be killed. Now, this

251

program can only be killed by the user who started it; see

252

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

253

<manvolnum>8mandos</manvolnum></citerefentry>. This program

254

should therefore be started by a completely separate

255

non-privileged user, and no other programs should be allowed to

256

run as that special user. This means that it is not recommended

257

to use the user "nobody" to start this program, as other

258

possibly less trusted programs could be running as "nobody", and

259

they would then be able to kill this program, triggering the

260

killing of the process <abbrev>ID</abbrev> which may or may not

261

be <citerefentry><refentrytitle>usplash</refentrytitle>

262

<manvolnum>8</manvolnum></citerefentry>.

263

</para>

264

<para>

265

The only other thing that could be considered worthy of note is

266

this: This program is meant to be run by <citerefentry>

267

<refentrytitle>plugin-runner</refentrytitle><manvolnum

268

>8mandos</manvolnum></citerefentry>, and will, when run

269

standalone, outside, in a normal environment, immediately output

270

on its standard output any presumably secret password it just

271

received. Therefore, when running this program standalone

272

(which should never normally be done), take care not to type in

273

any real secret password by force of habit, since it would then

274

immediately be shown as output.

275

</para>

276

</refsect1>

277

278

279

280

<para>

281

<citerefentry><refentrytitle>intro</refentrytitle>

282

<manvolnum>8mandos</manvolnum></citerefentry>,

283

<citerefentry><refentrytitle>crypttab</refentrytitle>

284

<manvolnum>5</manvolnum></citerefentry>,

285

286

<manvolnum>7</manvolnum></citerefentry>,

287

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

288

<manvolnum>8mandos</manvolnum></citerefentry>,

289

290

<manvolnum>5</manvolnum></citerefentry>,

291

<citerefentry><refentrytitle>usplash</refentrytitle>

292

293

</para>

294

</refsect1>

295

</refentry>

296

297

298

299

300

Older »