/mandos/trunk : revision 969

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

Committer: Teddy Hogeborn
Date: 2019-02-10 04:20:26 UTC
Revision ID: teddy@recompile.se-20190210042026-3ntr3anw5scz07s0

Update copyright year to 2019

* DBUS-API: Update copyright year to 2019.
* debian/copyright: - '' -
* intro.xml: - '' -
* mandos: - '' -
* mandos-clients.conf.xml: - '' -
* mandos-ctl: - '' -
* mandos-ctl.xml: - '' -
* mandos-keygen: - '' -
* mandos-keygen.xml: - '' -
* mandos-monitor: - '' -
* mandos-monitor.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.xml: - '' -
* plugins.d/askpass-fifo.xml: - '' -
* plugins.d/mandos-client.c: - '' -
* plugins.d/mandos-client.xml: - '' -
* plugins.d/password-prompt.xml: - '' -
* plugins.d/plymouth.xml: - '' -
* plugins.d/splashy.xml: - '' -
* plugins.d/usplash.xml: - '' -

files removed:
debian/mandos.maintscript

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf-hook

sysusers.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.templates

debian/rules

debian/watch

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos-to-cryptroot-unlock

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2025-06-27">

<!ENTITY TIMESTAMP "2019-02-10">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

201

196

</para>

202

197

<para>

203

198

This program is not meant to be run directly; it is really meant

204

to be run by other programs in the initial

205

<acronym>RAM</acronym> disk environment; see <xref

206

linkend="overview"/>.

199

to run as a plugin of the <application>Mandos</application>

200

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

201

<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the

202

initial <acronym>RAM</acronym> disk environment because it is

203

specified as a <quote>keyscript</quote> in the <citerefentry>

204

<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>

205

</citerefentry> file.

207

206

</para>

208

207

</refsect1>

209

208

221

220

<title>OPTIONS</title>

222

221

<para>

223

222

This program is commonly not invoked from the command line; it

224

is normally started by another program as described in <xref

225

linkend="description"/>. Any command line options this program

226

accepts are therefore normally provided by the invoking program,

227

and not directly.

223

is normally started by the <application>Mandos</application>

224

plugin runner, see <citerefentry><refentrytitle

225

>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>

226

</citerefentry>. Any command line options this program accepts

227

are therefore normally provided by the plugin runner, and not

228

directly.

228

229

</para>

229

230

231

481

482

<title>OVERVIEW</title>

482

483

<xi:include href="../overview.xml"/>

483

484

<para>

484

This program is the client part. It is run automatically in an

485

initial <acronym>RAM</acronym> disk environment.

486

</para>

487

<para>

488

In an initial <acronym>RAM</acronym> disk environment using

489

<citerefentry><refentrytitle>systemd</refentrytitle>

490

<manvolnum>1</manvolnum></citerefentry>, this program is started

491

by the <application>Mandos</application> <citerefentry>

492

<refentrytitle>password-agent</refentrytitle>

493

<manvolnum>8mandos</manvolnum></citerefentry>, which in turn is

494

started automatically by the <citerefentry>

495

<refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum>

496

</citerefentry> <quote>Password Agent</quote> system.

497

</para>

498

<para>

499

In the case of a non-<citerefentry>

500

<refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum>

501

</citerefentry> environment, this program is started as a plugin

502

of the <application>Mandos</application> <citerefentry>

503

<refentrytitle>plugin-runner</refentrytitle>

504

<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the

505

initial <acronym>RAM</acronym> disk environment because it is

506

specified as a <quote>keyscript</quote> in the <citerefentry>

507

<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>

508

</citerefentry> file.

485

This program is the client part. It is a plugin started by

486

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

487

<manvolnum>8mandos</manvolnum></citerefentry> which will run in

488

an initial <acronym>RAM</acronym> disk environment.

509

489

</para>

510

490

<para>

511

491

This program could, theoretically, be used as a keyscript in

512

492

<filename>/etc/crypttab</filename>, but it would then be

513

493

impossible to enter a password for the encrypted root disk at

514

494

the console, since this program does not read from the console

515

at all.

495

at all. This is why a separate plugin runner (<citerefentry>

496

<refentrytitle>plugin-runner</refentrytitle>

497

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

498

both this program and others in in parallel,

499

<emphasis>one</emphasis> of which (<citerefentry>

500

<refentrytitle>password-prompt</refentrytitle>

501

<manvolnum>8mandos</manvolnum></citerefentry>) will prompt for

502

passwords on the system console.

516

503

</para>

517

504

</refsect1>

518

505

538

525

<para>

539

526

This environment variable will be assumed to contain the

540

527

directory containing any helper executables. The use and

541

nature of these helper executables, if any, is purposely

542

not documented.

528

nature of these helper executables, if any, is

529

purposefully not documented.

543

530

</para>

544

531

</listitem>

545

532

</varlistentry>

775

762

<title>EXAMPLE</title>

776

763

<para>

777

764

Note that normally, command line options will not be given

778

directly, but passed on via the program responsible for starting

779

this program; see <xref linkend="overview"/>.

765

directly, but via options for the Mandos <citerefentry

766

><refentrytitle>plugin-runner</refentrytitle>

767

<manvolnum>8mandos</manvolnum></citerefentry>.

780

768

</para>

781

769

782

770

<para>

828

816

829

817

<title>SECURITY</title>

830

818

<para>

831

This program assumes that it is set-uid to root, and will switch

832

back to the original (and presumably non-privileged) user and

833

group after bringing up the network interface.

819

This program is set-uid to root, but will switch back to the

820

original (and presumably non-privileged) user and group after

821

bringing up the network interface.

834

822

</para>

835

823

<para>

836

824

To use this program for its intended purpose (see <xref

884

872

<manvolnum>5</manvolnum></citerefentry>,

885

873

<citerefentry><refentrytitle>mandos</refentrytitle>

886

874

<manvolnum>8</manvolnum></citerefentry>,

887

<citerefentry><refentrytitle>password-agent</refentrytitle>

875

<citerefentry><refentrytitle>password-prompt</refentrytitle>

888

876

<manvolnum>8mandos</manvolnum></citerefentry>,

889

877

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

890

878

<manvolnum>8mandos</manvolnum></citerefentry>

903

891

</varlistentry>

904

892

905

893

<term>

906

<ulink url="https://www.avahi.org/">Avahi</ulink>

894

<ulink url="http://www.avahi.org/">Avahi</ulink>

907

895

</term>

908

896

909

897

<para>

Older »