/mandos/trunk : revision 505.3.10

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

Committer: Teddy Hogeborn
Date: 2011-11-24 20:15:24 UTC
mto: (505.2.8 mandos-client-network-hooks)
mto: This revision was merged to the branch mainline in revision 525.
Revision ID: teddy@recompile.se-20111124201524-5w9ovzpuw3drdlgf

* network-hooks.d: New directory.
* network-hooks.d/bridge: New example hook.
* network-hooks.d/bridge.conf: Config file for bridge example hook.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "plugin-runner">

<!ENTITY TIMESTAMP "2008-09-04">

<!ENTITY TIMESTAMP "2011-10-05">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

Run Mandos plugins, pass data from first to succeed.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--global-env=<replaceable

>VAR</replaceable><literal>=</literal><replaceable

>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable></option></arg>

<arg choice="plain"><option>-G

<replaceable>VAR</replaceable><literal>=</literal><replaceable

<replaceable>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable> </option></arg>

</group>

<sbr/>

170

173

171

174

172

175

<term><option>--global-env

173

<replaceable>VAR</replaceable><literal>=</literal><replaceable

176

<replaceable>ENV</replaceable><literal>=</literal><replaceable

174

177

>value</replaceable></option></term>

175

178

<term><option>-G

176

<replaceable>VAR</replaceable><literal>=</literal><replaceable

179

<replaceable>ENV</replaceable><literal>=</literal><replaceable

177

180

>value</replaceable></option></term>

178

181

179

182

<para>

247

250

</para>

248

251

</listitem>

249

252

</varlistentry>

250

253

251

254

252

255

<term><option>--disable

253

256

<replaceable>PLUGIN</replaceable></option></term>

258

261

Disable the plugin named

259

262

<replaceable>PLUGIN</replaceable>. The plugin will not be

260

263

started.

261

</para>

264

</para>

262

265

</listitem>

263

266

</varlistentry>

264

267

265

268

266

269

<term><option>--enable

267

270

<replaceable>PLUGIN</replaceable></option></term>

276

279

</para>

277

280

</listitem>

278

281

</varlistentry>

279

282

280

283

281

284

<term><option>--groupid

282

285

289

292

</para>

290

293

</listitem>

291

294

</varlistentry>

292

295

293

296

294

297

<term><option>--userid

295

298

302

305

</para>

303

306

</listitem>

304

307

</varlistentry>

305

308

306

309

307

310

<term><option>--plugin-dir

308

311

<replaceable>DIRECTORY</replaceable></option></term>

365

368

</para>

366

369

</listitem>

367

370

</varlistentry>

368

371

369

372

370

373

<term><option>--version</option></term>

371

374

377

380

</varlistentry>

378

381

</variablelist>

379

382

</refsect1>

380

383

381

384

382

385

<title>OVERVIEW</title>

383

386

<xi:include href="overview.xml"/>

403

406

code will make this plugin-runner output the password from that

404

407

plugin, stop any other plugins, and exit.

405

408

</para>

406

409

407

410

408

411

<title>WRITING PLUGINS</title>

409

412

<para>

416

419

console.

417

420

</para>

418

421

<para>

422

If the password is a single-line, manually entered passprase,

423

a final trailing newline character should

424

<emphasis>not</emphasis> be printed.

425

</para>

426

<para>

419

427

The plugin will run in the initial RAM disk environment, so

420

428

care must be taken not to depend on any files or running

421

429

services not available there.

564

572

</informalexample>

565

573

566

574

<para>

567

Run plugins from a different directory and add two

568

options to the <citerefentry><refentrytitle

569

>password-request</refentrytitle>

575

Run plugins from a different directory, read a different

576

configuration file, and add two options to the

577

<citerefentry><refentrytitle >mandos-client</refentrytitle>

570

578

<manvolnum>8mandos</manvolnum></citerefentry> plugin:

571

579

</para>

572

580

<para>

573

581

574

582

575

<userinput>&COMMANDNAME; --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>

583

<userinput>cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>

576

584

577

585

</para>

578

586

</informalexample>

586

594

non-privileged. This user and group is then what all plugins

587

595

will be started as. Therefore, the only way to run a plugin as

588

596

a privileged user is to have the set-user-ID or set-group-ID bit

589

set on the plugin executable files (see <citerefentry>

597

set on the plugin executable file (see <citerefentry>

590

598

<refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>

591

599

</citerefentry>).

592

600

</para>

610

618

611

619

612

620

<para>

621

<citerefentry><refentrytitle>intro</refentrytitle>

622

<manvolnum>8mandos</manvolnum></citerefentry>,

613

623

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

614

624

<manvolnum>8</manvolnum></citerefentry>,

615

625

<citerefentry><refentrytitle>crypttab</refentrytitle>

620

630

<manvolnum>8</manvolnum></citerefentry>,

621

631

<citerefentry><refentrytitle>password-prompt</refentrytitle>

622

632

<manvolnum>8mandos</manvolnum></citerefentry>,

623

<citerefentry><refentrytitle>password-request</refentrytitle>

633

<citerefentry><refentrytitle>mandos-client</refentrytitle>

624

634

<manvolnum>8mandos</manvolnum></citerefentry>

625

635

</para>

626

636

</refsect1>

Older »