/mandos/trunk

To get this branch, use:
bzr branch /loggerhead/mandos/trunk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY COMMANDNAME "plymouth">
<!ENTITY TIMESTAMP "2019-07-27">
<!ENTITY % common SYSTEM "../common.ent">
%common;
]>

<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>Mandos Manual</title>
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
    <productname>Mandos</productname>
    <productnumber>&version;</productnumber>
    <date>&TIMESTAMP;</date>
    <authorgroup>
      <author>
	<firstname>Björn</firstname>
	<surname>Påhlsson</surname>
	<address>
	  <email>belorn@recompile.se</email>
	</address>
      </author>
      <author>
	<firstname>Teddy</firstname>
	<surname>Hogeborn</surname>
	<address>
	  <email>teddy@recompile.se</email>
	</address>
      </author>
    </authorgroup>
    <copyright>
      <year>2010</year>
      <year>2011</year>
      <year>2012</year>
      <year>2013</year>
      <year>2014</year>
      <year>2015</year>
      <year>2016</year>
      <year>2017</year>
      <year>2018</year>
      <year>2019</year>
      <holder>Teddy Hogeborn</holder>
      <holder>Björn Påhlsson</holder>
    </copyright>
    <xi:include href="../legalnotice.xml"/>
  </refentryinfo>
  
  <refmeta>
    <refentrytitle>&COMMANDNAME;</refentrytitle>
    <manvolnum>8mandos</manvolnum>
  </refmeta>
  
  <refnamediv>
    <refname><command>&COMMANDNAME;</command></refname>
    <refpurpose>Mandos plugin to use plymouth to get a
    password.</refpurpose>
  </refnamediv>
  
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>&COMMANDNAME;</command>
      <arg choice="opt">
	<option>--prompt <replaceable>PROMPT</replaceable></option>
      </arg>
      <arg><option>--debug</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>&COMMANDNAME;</command>
      <group choice="req">
	<arg choice="plain"><option>--help</option></arg>
	<arg choice="plain"><option>-?</option></arg>
      </group>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>&COMMANDNAME;</command>
      <arg choice="plain"><option>--usage</option></arg>
    </cmdsynopsis>
    <cmdsynopsis>
      <command>&COMMANDNAME;</command>
      <group choice="req">
	<arg choice="plain"><option>--version</option></arg>
	<arg choice="plain"><option>-V</option></arg>
      </group>
    </cmdsynopsis>
  </refsynopsisdiv>
  
  <refsect1 id="description">
    <title>DESCRIPTION</title>
    <para>
      This program prompts for a password using <citerefentry>
      <refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry> and outputs any given password to standard
      output.  If no <citerefentry><refentrytitle
      >plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      process can be found, this program will immediately exit with an
      exit code indicating failure.
    </para>
    <para>
      This program is not very useful on its own.  This program is
      really meant to run as a plugin in the <application
      >Mandos</application> client-side system, where it is used as a
      fallback and alternative to retrieving passwords from a
      <application >Mandos</application> server.
    </para>
    <para>
      If this program is killed (presumably by
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry> because some other
      plugin provided the password), it cannot tell <citerefentry>
      <refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry> to abort requesting a password, because
      <citerefentry><refentrytitle>plymouth</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> does not support this.
      Therefore, this program will then <emphasis>kill</emphasis> the
      running <citerefentry><refentrytitle>plymouth</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> process and start a
      <emphasis>new</emphasis> one using the same command line
      arguments as the old one was using.
    </para>
  </refsect1>
  
  <refsect1 id="options">
    <title>OPTIONS</title>
    <para>
      This program is commonly not invoked from the command line; it
      is normally started by the <application>Mandos</application>
      plugin runner, see <citerefentry><refentrytitle
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
      </citerefentry>.  Any command line options this program accepts
      are therefore normally provided by the plugin runner, and not
      directly.
    </para>
    
    <variablelist>
      <varlistentry>
	<term><option>--prompt=<replaceable
	>PROMPT</replaceable></option></term>
	<listitem>
	  <para>
	    The password prompt.  Note that using this option will
	    make this program ignore the <envar>cryptsource</envar>
	    and <envar>crypttarget</envar> environment variables.
	  </para>
	</listitem>
      </varlistentry>
      
      <varlistentry>
	<term><option>--debug</option></term>
	<listitem>
	  <para>
	    Enable debug mode.  This will enable a lot of output to
	    standard error about what the program is doing.  The
	    program will still perform all other functions normally.
	  </para>
	</listitem>
      </varlistentry>
      
      <varlistentry>
	<term><option>--help</option></term>
	<term><option>-?</option></term>
	<listitem>
	  <para>
	    Gives a help message about options and their meanings.
	  </para>
	</listitem>
      </varlistentry>
      
      <varlistentry>
	<term><option>--usage</option></term>
	<listitem>
	  <para>
	    Gives a short usage message.
	  </para>
	</listitem>
      </varlistentry>
      
      <varlistentry>
	<term><option>--version</option></term>
	<term><option>-V</option></term>
	<listitem>
	  <para>
	    Prints the program version.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  
  <refsect1 id="exit_status">
    <title>EXIT STATUS</title>
    <para>
      If exit status is 0, the output from the program is the password
      as it was read.  Otherwise, if exit status is other than 0, the
      program was interrupted or encountered an error, and any output
      so far could be corrupt and/or truncated, and should therefore
      be ignored.
    </para>
  </refsect1>
  
  <refsect1 id="environment">
    <title>ENVIRONMENT</title>
    <variablelist>
      <varlistentry>
	<term><envar>cryptsource</envar></term>
	<term><envar>crypttarget</envar></term>
	<listitem>
	  <para>
	    If set, and if the <option>--prompt</option> option is not
	    used, these environment variables will be assumed to
	    contain the source device name and the target device
	    mapper name, respectively, and will be shown as part of
	    the prompt.
	</para>
	<para>
	  These variables will normally be inherited from
	  <citerefentry><refentrytitle>plugin-runner</refentrytitle>
	  <manvolnum>8mandos</manvolnum></citerefentry>, which might
	  have in turn inherited them from its calling process.
	</para>
	<para>
	  This behavior is meant to exactly mirror the behavior of
	  <command>askpass</command>, the default password prompter
	  from initramfs-tools.
	</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  
  <refsect1 id="files">
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/bin/plymouth</filename></term>
	<listitem>
	  <para>
	    This is the command run to retrieve a password from
	    <citerefentry><refentrytitle>plymouth</refentrytitle>
	    <manvolnum>8</manvolnum></citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename class="directory">/proc</filename></term>
	<listitem>
	  <para>
	    To find the running <citerefentry><refentrytitle
	    >plymouth</refentrytitle><manvolnum>8</manvolnum>
	    </citerefentry>, this directory will be searched for
	    numeric entries which will be assumed to be directories.
	    In all those directories, the <filename>exe</filename> and
	    <filename>cmdline</filename> entries will be used to
	    determine the name of the running binary, effective user
	    and group <abbrev>ID</abbrev>, and the command line
	    arguments.  See <citerefentry><refentrytitle
	    >proc</refentrytitle><manvolnum>5</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/sbin/plymouthd</filename></term>
	<listitem>
	  <para>
	    This is the name of the binary which will be searched for
	    in the process list.  See <citerefentry><refentrytitle
	    >plymouth</refentrytitle><manvolnum>8</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  
  <refsect1 id="bugs">
    <title>BUGS</title>
    <para>
      Killing the <citerefentry><refentrytitle
      >plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      daemon and starting a new one is ugly, but necessary as long as
      it does not support aborting a password request.
    </para>
    <xi:include href="../bugs.xml"/>
  </refsect1>
  
  <refsect1 id="example">
    <title>EXAMPLE</title>
    <para>
      Note that normally, this program will not be invoked directly,
      but instead started by the Mandos <citerefentry><refentrytitle
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
      </citerefentry>.
    </para>
    <informalexample>
      <para>
	Normal invocation needs no options:
      </para>
      <para>
	<userinput>&COMMANDNAME;</userinput>
      </para>
    </informalexample>
    <informalexample>
      <para>
	Show a different prompt.
      </para>
      <para>
	<userinput>&COMMANDNAME; --prompt=Password</userinput>
      </para>
    </informalexample>
  </refsect1>
  
  <refsect1 id="security">
    <title>SECURITY</title>
    <para>
      If this program is killed by a signal, it will kill the process
      <abbrev>ID</abbrev> which at the start of this program was
      determined to run <citerefentry><refentrytitle
      >plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      as root (see also <xref linkend="files"/>).  There is a very
      slight risk that, in the time between those events, that process
      <abbrev>ID</abbrev> was freed and then taken up by another
      process; the wrong process would then be killed.  Now, this
      program can only be killed by the user who started it; see
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry>.  This program
      should therefore be started by a completely separate
      non-privileged user, and no other programs should be allowed to
      run as that special user.  This means that it is not recommended
      to use the user "nobody" to start this program, as other
      possibly less trusted programs could be running as "nobody", and
      they would then be able to kill this program, triggering the
      killing of the process <abbrev>ID</abbrev> which may or may not
      be <citerefentry><refentrytitle>plymouth</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry>.
    </para>
    <para>
      The only other thing that could be considered worthy of note is
      this:  This program is meant to be run by <citerefentry>
      <refentrytitle>plugin-runner</refentrytitle><manvolnum
      >8mandos</manvolnum></citerefentry>, and will, when run
      standalone, outside, in a normal environment, immediately output
      on its standard output any presumably secret password it just
      received.  Therefore, when running this program standalone
      (which should never normally be done), take care not to type in
      any real secret password by force of habit, since it would then
      immediately be shown as output.
    </para>
  </refsect1>
  
  <refsect1 id="see_also">
    <title>SEE ALSO</title>
    <para>
      <citerefentry><refentrytitle>intro</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>proc</refentrytitle>
      <manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>plymouth</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
<!-- Local Variables: -->
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
<!-- time-stamp-end: "[\"']>" -->
<!-- time-stamp-format: "%:y-%02m-%02d" -->
<!-- End: -->