/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

merge

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2011-10-05">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-04">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
    <title>Mandos Manual</title>
13
12
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
19
18
        <firstname>Björn</firstname>
20
19
        <surname>Påhlsson</surname>
21
20
        <address>
22
 
          <email>belorn@recompile.se</email>
 
21
          <email>belorn@fukt.bsnet.se</email>
23
22
        </address>
24
23
      </author>
25
24
      <author>
26
25
        <firstname>Teddy</firstname>
27
26
        <surname>Hogeborn</surname>
28
27
        <address>
29
 
          <email>teddy@recompile.se</email>
 
28
          <email>teddy@fukt.bsnet.se</email>
30
29
        </address>
31
30
      </author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
34
      <holder>Teddy Hogeborn</holder>
38
35
      <holder>Björn Påhlsson</holder>
39
36
    </copyright>
40
37
    <xi:include href="legalnotice.xml"/>
41
38
  </refentryinfo>
42
 
  
 
39
 
43
40
  <refmeta>
44
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
45
42
    <manvolnum>8mandos</manvolnum>
51
48
      Run Mandos plugins, pass data from first to succeed.
52
49
    </refpurpose>
53
50
  </refnamediv>
54
 
  
 
51
 
55
52
  <refsynopsisdiv>
56
53
    <cmdsynopsis>
57
54
      <command>&COMMANDNAME;</command>
58
55
      <group rep="repeat">
59
56
        <arg choice="plain"><option>--global-env=<replaceable
60
 
        >ENV</replaceable><literal>=</literal><replaceable
 
57
        >VAR</replaceable><literal>=</literal><replaceable
61
58
        >value</replaceable></option></arg>
62
59
        <arg choice="plain"><option>-G
63
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
60
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
64
61
        >value</replaceable> </option></arg>
65
62
      </group>
66
63
      <sbr/>
173
170
    <variablelist>
174
171
      <varlistentry>
175
172
        <term><option>--global-env
176
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
173
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
177
174
        >value</replaceable></option></term>
178
175
        <term><option>-G
179
 
        <replaceable>ENV</replaceable><literal>=</literal><replaceable
 
176
        <replaceable>VAR</replaceable><literal>=</literal><replaceable
180
177
        >value</replaceable></option></term>
181
178
        <listitem>
182
179
          <para>
250
247
          </para>
251
248
        </listitem>
252
249
      </varlistentry>
253
 
      
 
250
 
254
251
      <varlistentry>
255
252
        <term><option>--disable
256
253
        <replaceable>PLUGIN</replaceable></option></term>
261
258
            Disable the plugin named
262
259
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
263
260
            started.
264
 
          </para>
 
261
          </para>       
265
262
        </listitem>
266
263
      </varlistentry>
267
 
      
 
264
 
268
265
      <varlistentry>
269
266
        <term><option>--enable
270
267
        <replaceable>PLUGIN</replaceable></option></term>
279
276
          </para>
280
277
        </listitem>
281
278
      </varlistentry>
282
 
      
 
279
 
283
280
      <varlistentry>
284
281
        <term><option>--groupid
285
282
        <replaceable>ID</replaceable></option></term>
292
289
          </para>
293
290
        </listitem>
294
291
      </varlistentry>
295
 
      
 
292
 
296
293
      <varlistentry>
297
294
        <term><option>--userid
298
295
        <replaceable>ID</replaceable></option></term>
305
302
          </para>
306
303
        </listitem>
307
304
      </varlistentry>
308
 
      
 
305
 
309
306
      <varlistentry>
310
307
        <term><option>--plugin-dir
311
308
        <replaceable>DIRECTORY</replaceable></option></term>
368
365
          </para>
369
366
        </listitem>
370
367
      </varlistentry>
371
 
      
 
368
 
372
369
      <varlistentry>
373
370
        <term><option>--version</option></term>
374
371
        <term><option>-V</option></term>
380
377
      </varlistentry>
381
378
    </variablelist>
382
379
  </refsect1>
383
 
  
 
380
 
384
381
  <refsect1 id="overview">
385
382
    <title>OVERVIEW</title>
386
383
    <xi:include href="overview.xml"/>
406
403
      code will make this plugin-runner output the password from that
407
404
      plugin, stop any other plugins, and exit.
408
405
    </para>
409
 
    
 
406
 
410
407
    <refsect2 id="writing_plugins">
411
408
      <title>WRITING PLUGINS</title>
412
409
      <para>
419
416
        console.
420
417
      </para>
421
418
      <para>
422
 
        If the password is a single-line, manually entered passprase,
423
 
        a final trailing newline character should
424
 
        <emphasis>not</emphasis> be printed.
425
 
      </para>
426
 
      <para>
427
419
        The plugin will run in the initial RAM disk environment, so
428
420
        care must be taken not to depend on any files or running
429
421
        services not available there.
518
510
    </para>
519
511
  </refsect1>
520
512
  
521
 
  <refsect1 id="bugs">
522
 
    <title>BUGS</title>
523
 
    <para>
524
 
      The <option>--config-file</option> option is ignored when
525
 
      specified from within a configuration file.
526
 
    </para>
527
 
  </refsect1>
 
513
<!--   <refsect1 id="bugs"> -->
 
514
<!--     <title>BUGS</title> -->
 
515
<!--     <para> -->
 
516
<!--     </para> -->
 
517
<!--   </refsect1> -->
528
518
  
529
519
  <refsect1 id="examples">
530
520
    <title>EXAMPLE</title>
572
562
    </informalexample>
573
563
    <informalexample>
574
564
      <para>
575
 
        Run plugins from a different directory, read a different
576
 
        configuration file, and add two options to the
577
 
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
 
565
        Run plugins from a different directory and add two
 
566
        options to the <citerefentry><refentrytitle
 
567
        >password-request</refentrytitle>
578
568
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
579
569
      </para>
580
570
      <para>
581
571
 
582
572
<!-- do not wrap this line -->
583
 
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
 
573
<userinput>&COMMANDNAME;  --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>
584
574
 
585
575
      </para>
586
576
    </informalexample>
594
584
      non-privileged.  This user and group is then what all plugins
595
585
      will be started as.  Therefore, the only way to run a plugin as
596
586
      a privileged user is to have the set-user-ID or set-group-ID bit
597
 
      set on the plugin executable file (see <citerefentry>
 
587
      set on the plugin executable files (see <citerefentry>
598
588
      <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
599
589
      </citerefentry>).
600
590
    </para>
618
608
  <refsect1 id="see_also">
619
609
    <title>SEE ALSO</title>
620
610
    <para>
621
 
      <citerefentry><refentrytitle>intro</refentrytitle>
622
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
623
611
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
624
612
      <manvolnum>8</manvolnum></citerefentry>,
625
613
      <citerefentry><refentrytitle>crypttab</refentrytitle>
630
618
      <manvolnum>8</manvolnum></citerefentry>,
631
619
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
632
620
      <manvolnum>8mandos</manvolnum></citerefentry>,
633
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
621
      <citerefentry><refentrytitle>password-request</refentrytitle>
634
622
      <manvolnum>8mandos</manvolnum></citerefentry>
635
623
    </para>
636
624
  </refsect1>