/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-01 20:01:26 UTC
  • mto: This revision was merged to the branch mainline in revision 759.
  • Revision ID: teddy@recompile.se-20150701200126-qb3f6c3jcas2f4og
mandos-client: Try to start a plugin to add and remove a local route.

* debian/mandos-client.README.Debian: Add setting of environment
                                      variable MANDOSPLUGINHELPERDIR
                                      to command line testing
                                      mandos-client.
* mandos-client.c (raise_privileges): Moved to top of file.
                  (raise_privileges_permanently): - '' -
                  (lower_privileges): - '' -
                  (lower_privileges_permanently): - '' -
  (add_remove_local_route, add_local_route, remove_local_route): New.
  (start_mandos_communication): Set SOCK_CLOEXEC flag on socket.  Run
                                the above functions to add (and
                                remove) local route, if the conditions
                                indicate it could help.
  (run_network_hooks): Use O_DIRECTORY, O_PATH, and O_CLOEXEC flags
                       when opening network hook directory. Do
                       TEMP_FAILURE_RETRY around opening of /dev/null
                       and network hook executables.  Move redirecting
                       of stdout and stderr to as late as possible
                       before fexecve().
  (main): Use O_DIRECTORY and O_PATH when opening temporary directory.
* plugins.d/mandos-client.xml (ENVIRONMENT): Document usage of the
                                             MANDOSPLUGINHELPERDIR
                                             environment variable.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "password-prompt">
5
 
<!ENTITY TIMESTAMP "2019-07-27">
 
5
<!ENTITY TIMESTAMP "2012-01-01">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
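Review bot: the TIMESTAMP entity is "2019-07-27" on first-column line 5 and "2012-01-01" on second-column line 5, and neither date matches the commit date of 2015-07-01; the commit message also lists no change to plugins.d/password-prompt.xml. Please confirm which revision this diff is taken against, and set TIMESTAMP to the date the manual page text was actually last changed.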
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
36
      <year>2011</year>
38
37
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
 
      <year>2019</year>
46
38
      <holder>Teddy Hogeborn</holder>
47
39
      <holder>Björn Påhlsson</holder>
48
40
    </copyright>
69
61
        >PREFIX</replaceable></arg>
70
62
      </group>
71
63
      <sbr/>
72
 
      <arg choice="opt">
73
 
        <option>--prompt <replaceable>PROMPT</replaceable></option>
74
 
      </arg>
75
64
      <arg choice="opt"><option>--debug</option></arg>
76
65
    </cmdsynopsis>
77
66
    <cmdsynopsis>
113
102
      wrapper, although actual use of that function is not guaranteed
114
103
      or implied.
115
104
    </para>
116
 
    <para>
117
 
      This program tries to detect if a Plymouth daemon
118
 
      (<citerefentry><refentrytitle
119
 
      >plymouthd</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
120
 
      is running, by looking for a
121
 
      <filename>/run/plymouth/pid</filename> file or a process named
122
 
      <quote><literal>plymouthd</literal></quote>.  If it is detected,
123
 
      this process will immediately exit without doing anything.
124
 
    </para>
125
105
  </refsect1>
126
106
  
127
107
  <refsect1 id="options">
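Review bot: the Plymouth paragraph (first-column lines 116-124) says the program "will immediately exit without doing anything" but gives no exit status, so a reader cannot tell how the calling process will treat that exit. Suggest stating the exit code, and saying whether the "process named plymouthd" check matches on the process name alone, since that decides what can cause this prompter to stand down. The paragraph exists on only one side of the hunk; if it is being dropped, the behaviour ends up undocumented.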
150
130
      </varlistentry>
151
131
      
152
132
      <varlistentry>
153
 
        <term><option>--prompt=<replaceable
154
 
        >PROMPT</replaceable></option></term>
155
 
        <listitem>
156
 
          <para>
157
 
            The password prompt.  Using this option will make this
158
 
            program ignore the <envar>CRYPTTAB_SOURCE</envar> and
159
 
            <envar>CRYPTTAB_NAME</envar> environment variables.
160
 
          </para>
161
 
        </listitem>
162
 
      </varlistentry>
163
 
      
164
 
      <varlistentry>
165
133
        <term><option>--debug</option></term>
166
134
        <listitem>
167
135
          <para>
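Review bot: the --prompt description (first-column lines 153-162) says the option makes the program ignore CRYPTTAB_SOURCE and CRYPTTAB_NAME, but does not say how it combines with the PREFIX argument shown in the synopsis. Suggest one sentence on whether the prefix is still prepended when --prompt is given, so that the text an operator sees at the console is fully specified.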
221
189
        <term><envar>CRYPTTAB_NAME</envar></term>
222
190
        <listitem>
223
191
          <para>
224
 
            If set, and if the <option>--prompt</option> option is not
225
 
            used, these environment variables will be assumed to
 
192
            If set, these environment variables will be assumed to
226
193
            contain the source device name and the target device
227
194
            mapper name, respectively, and will be shown as part of
228
195
            the prompt.
230
197
        <para>
231
198
          These variables will normally be inherited from
232
199
          <citerefentry><refentrytitle>plugin-runner</refentrytitle>
233
 
          <manvolnum>8mandos</manvolnum></citerefentry>, which might
234
 
          have in turn inherited them from its calling process.
 
200
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
 
201
          normally have inherited them from
 
202
          <filename>/scripts/local-top/cryptroot</filename> in the
 
203
          initial <acronym>RAM</acronym> disk environment, which will
 
204
          have set them from parsing kernel arguments and
 
205
          <filename>/conf/conf.d/cryptroot</filename> (also in the
 
206
          initial RAM disk environment), which in turn will have been
 
207
          created when the initial RAM disk image was created by
 
208
          <filename
 
209
          >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
 
210
          extracting the information of the root file system from
 
211
          <filename >/etc/crypttab</filename>.
235
212
        </para>
236
213
        <para>
237
214
          This behavior is meant to exactly mirror the behavior of
238
 
          <command>askpass</command>, the default password prompter
239
 
          from initramfs-tools.
 
215
          <command>askpass</command>, the default password prompter.
240
216
        </para>
241
217
        </listitem>
242
218
      </varlistentry>
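Review bot: the two sides disagree on where CRYPTTAB_SOURCE and CRYPTTAB_NAME come from. First-column lines 233-234 say only that plugin-runner "might have in turn inherited them from its calling process", while second-column lines 200-211 trace them through /scripts/local-top/cryptroot, /conf/conf.d/cryptroot and /etc/crypttab. Because these values "will be shown as part of the prompt", the page should say whether they are displayed exactly as inherited, and should keep at least a pointer to where they normally originate. The sentence about mirroring askpass also differs (first-column 238-239 adds "from initramfs-tools"); pick one wording and keep the attribution.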
245
221
  
246
222
  <refsect1 id="bugs">
247
223
    <title>BUGS</title>
248
 
    <xi:include href="../bugs.xml"/>
 
224
    <para>
 
225
      None are known at this time.
 
226
    </para>
249
227
  </refsect1>
250
228
  
251
229
  <refsect1 id="example">
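Review bot: `<xi:include href="../bugs.xml"/>` on first-column line 248 uses the xi prefix, but no xmlns:xi declaration appears in any visible hunk; the DOCTYPE and entity block in lines 2-8 do not carry one. Check that the `<refentry>` root element declares the XInclude namespace and that the manual page build actually processes XIncludes. An unbound prefix is a parse error in a namespace-aware parser, and an unprocessed include leaves the BUGS section without content.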
317
295
    <title>SEE ALSO</title>
318
296
    <para>
319
297
      <citerefentry><refentrytitle>intro</refentrytitle>
320
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
298
      <manvolnum>8mandos</manvolnum></citerefentry>
 
299
      <citerefentry><refentrytitle>crypttab</refentrytitle>
 
300
      <manvolnum>5</manvolnum></citerefentry>
321
301
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
322
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
302
      <manvolnum>8mandos</manvolnum></citerefentry>
323
303
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
324
304
      <manvolnum>8mandos</manvolnum></citerefentry>,
325
 
      <citerefentry><refentrytitle>plymouthd</refentrytitle>
326
 
      <manvolnum>8</manvolnum></citerefentry>
327
305
    </para>
328
306
  </refsect1>
329
307
</refentry>
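Review bot: on the second-column side the citerefentry entries for intro (298), crypttab (300) and mandos-client (302) have no trailing comma, while plugin-runner (304) does and is then the last entry, so the rendered SEE ALSO list runs entries together and ends on a dangling comma. The first-column side has the separators right. Also, crypttab(5) appears only on the second-column side even though the ENVIRONMENT section documents CRYPTTAB_SOURCE and CRYPTTAB_NAME on both sides; consider keeping that reference alongside plymouthd(8).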