/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/usplash

  • Committer: Teddy Hogeborn
  • Date: 2014-06-22 02:19:30 UTC
  • Revision ID: teddy@recompile.se-20140622021930-icl7h4cm97blhjml
mandos-keygen: Generate "checker" option to use SSH fingerprints.

To turn this off, use a new "--no-ssh" option to mandos-keygen.

* INSTALL (Mandos Server, Mandos Client): Document new suggested
                                          installation of SSH.
* Makefile (confdir/clients.conf): Use new "--no-ssh" option to
                                   "mandos-keygen".
* debian/control (mandos/Depends): Changed to "fping | ssh-client".
  (mandos-client/Recommends): New; set to "ssh".
* intro.xml (FREQUENTLY ASKED QUESTIONS): Rename and rewrite section
                                          called "Faking ping
                                          replies?" to address new
                                          default behavior.
* mandos-clients.conf.xml (OPTIONS/checker): Briefly discuss new
                                             behavior of
                                             mandos-keygen.
* mandos-keygen: Bug fix: Suppress failure output of "shred" to remove
                 "sec*", since no such files may exist.
 (password mode): Scan for SSH key fingerprints and output as new
                  "checker" and "ssh_fingerprint" options, unless new
                  "--no-ssh" option is given.
* mandos-keygen.xml (SYNOPSIS/--force): Bug fix: Document short form.
  (OPTIONS/--no-ssh): New.
  (SEE ALSO): Add reference "ssh-keyscan(1)".
* plugins.d/mandos-client.xml (SECURITY): Briefly mention the
                                          possibility of using SSH key
                                          fingerprints for checking.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
#!/bin/sh -e
2
 
 
3
 
# If not on a tty, then get rid of possibly disrupting stderr output
4
 
if ! tty -s; then
5
 
    exec 2>/dev/null
6
 
fi
7
 
 
8
 
test -x /sbin/usplash
9
 
 
10
 
usplash="`pidof usplash -o $$`"
11
 
test -n "$usplash"
12
 
 
13
 
# We get some variables from cryptsetup:
14
 
# $cryptsource  the device node, like "/dev/sda3"
15
 
# $crypttarget  the device mapper name, like "sda3_crypt".
16
 
 
17
 
prompt="Enter passphrase to unlock"
18
 
if [ -n "$crypttarget" ]; then
19
 
    prompt="$prompt the disk $crypttarget"
20
 
fi
21
 
if [ -n "$cryptsource" ]; then
22
 
    prompt="$prompt ($cryptsource)"
23
 
fi
24
 
 
25
 
splash_input_password(){
26
 
    test -p /dev/.initramfs/usplash_outfifo || return 1
27
 
    /sbin/usplash_write "INPUTQUIET $1" || return 1
28
 
    cat /dev/.initramfs/usplash_outfifo 2> /dev/null || return 1
29
 
}
30
 
 
31
 
# Usplash keeps waiting for input even if some other plugin provided
32
 
# the password, so we must kill it
33
 
trap "kill -TERM $usplash; sleep 2; kill -KILL $usplash; 
34
 
        kill -TERM $$" TERM HUP
35
 
 
36
 
password="`splash_input_password \"$prompt: \" password`"
37
 
 
38
 
trap - TERM
39
 
 
40
 
/sbin/usplash_write "TIMEOUT 15"
41
 
 
42
 
echo -n "$password"