/mandos/trunk : revision 758

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugin-runner.xml

Committer: Teddy Hogeborn
Date: 2015-07-06 20:14:45 UTC
Revision ID: teddy@recompile.se-20150706201445-kq3o6qozigmiqsp9

plugin-runner.xml (EXAMPLE): Use the /usr/lib/<arch> directory.
Also explain used options in order.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugin-runner.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "plugin-runner">

<!ENTITY TIMESTAMP "2008-09-04">

<!ENTITY TIMESTAMP "2015-06-28">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

Run Mandos plugins, pass data from first to succeed.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--global-env=<replaceable

>VAR</replaceable><literal>=</literal><replaceable

>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable></option></arg>

<arg choice="plain"><option>-G

<replaceable>VAR</replaceable><literal>=</literal><replaceable

<replaceable>ENV</replaceable><literal>=</literal><replaceable

>value</replaceable> </option></arg>

</group>

<sbr/>

170

173

171

174

172

175

<term><option>--global-env

173

<replaceable>VAR</replaceable><literal>=</literal><replaceable

176

<replaceable>ENV</replaceable><literal>=</literal><replaceable

174

177

>value</replaceable></option></term>

175

178

<term><option>-G

176

<replaceable>VAR</replaceable><literal>=</literal><replaceable

179

<replaceable>ENV</replaceable><literal>=</literal><replaceable

177

180

>value</replaceable></option></term>

178

181

179

182

<para>

247

250

</para>

248

251

</listitem>

249

252

</varlistentry>

250

253

251

254

252

255

<term><option>--disable

253

256

<replaceable>PLUGIN</replaceable></option></term>

258

261

Disable the plugin named

259

262

<replaceable>PLUGIN</replaceable>. The plugin will not be

260

263

started.

261

</para>

264

</para>

262

265

</listitem>

263

266

</varlistentry>

264

267

265

268

266

269

<term><option>--enable

267

270

<replaceable>PLUGIN</replaceable></option></term>

276

279

</para>

277

280

</listitem>

278

281

</varlistentry>

279

282

280

283

281

284

<term><option>--groupid

282

285

289

292

</para>

290

293

</listitem>

291

294

</varlistentry>

292

295

293

296

294

297

<term><option>--userid

295

298

302

305

</para>

303

306

</listitem>

304

307

</varlistentry>

305

308

306

309

307

310

<term><option>--plugin-dir

308

311

<replaceable>DIRECTORY</replaceable></option></term>

365

368

</para>

366

369

</listitem>

367

370

</varlistentry>

368

371

369

372

370

373

<term><option>--version</option></term>

371

374

377

380

</varlistentry>

378

381

</variablelist>

379

382

</refsect1>

380

383

381

384

382

385

<title>OVERVIEW</title>

383

386

<xi:include href="overview.xml"/>

403

406

code will make this plugin-runner output the password from that

404

407

plugin, stop any other plugins, and exit.

405

408

</para>

406

409

407

410

408

411

<title>WRITING PLUGINS</title>

409

412

<para>

416

419

console.

417

420

</para>

418

421

<para>

422

If the password is a single-line, manually entered passprase,

423

a final trailing newline character should

424

<emphasis>not</emphasis> be printed.

425

</para>

426

<para>

419

427

The plugin will run in the initial RAM disk environment, so

420

428

care must be taken not to depend on any files or running

421

429

services not available there.

564

572

</informalexample>

565

573

566

574

<para>

567

Run plugins from a different directory and add two

568

options to the <citerefentry><refentrytitle

569

>password-request</refentrytitle>

575

Read a different configuration file, run plugins from a

576

different directory, specify an alternate plugin helper

577

directory and add two options to the

578

<citerefentry><refentrytitle >mandos-client</refentrytitle>

570

579

<manvolnum>8mandos</manvolnum></citerefentry> plugin:

571

580

</para>

572

581

<para>

573

582

574

583

575

<userinput>&COMMANDNAME; --plugin-dir=plugins.d --options-for=password-request:--pubkey=keydir/pubkey.txt,--seckey=keydir/seckey.txt</userinput>

584

<userinput>cd /etc/keys/mandos; &COMMANDNAME; --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>

576

585

577

586

</para>

578

587

</informalexample>

586

595

non-privileged. This user and group is then what all plugins

587

596

will be started as. Therefore, the only way to run a plugin as

588

597

a privileged user is to have the set-user-ID or set-group-ID bit

589

set on the plugin executable files (see <citerefentry>

598

set on the plugin executable file (see <citerefentry>

590

599

<refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>

591

600

</citerefentry>).

592

601

</para>

610

619

611

620

612

621

<para>

622

<citerefentry><refentrytitle>intro</refentrytitle>

623

<manvolnum>8mandos</manvolnum></citerefentry>,

613

624

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

614

625

<manvolnum>8</manvolnum></citerefentry>,

615

626

<citerefentry><refentrytitle>crypttab</refentrytitle>

620

631

<manvolnum>8</manvolnum></citerefentry>,

621

632

<citerefentry><refentrytitle>password-prompt</refentrytitle>

622

633

<manvolnum>8mandos</manvolnum></citerefentry>,

623

<citerefentry><refentrytitle>password-request</refentrytitle>

634

<citerefentry><refentrytitle>mandos-client</refentrytitle>

624

635

<manvolnum>8mandos</manvolnum></citerefentry>

625

636

</para>

626

637

</refsect1>

Older »