/mandos/trunk

To get this branch, use:
bzr branch /loggerhead/mandos/trunk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY COMMANDNAME "usplash">
<!ENTITY TIMESTAMP "2019-02-10">
<!ENTITY % common SYSTEM "../common.ent">
%common;
]>

<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>Mandos Manual</title>
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
    <productname>Mandos</productname>
    <productnumber>&version;</productnumber>
    <date>&TIMESTAMP;</date>
    <authorgroup>
      <author>
	<firstname>Björn</firstname>
	<surname>Påhlsson</surname>
	<address>
	  <email>belorn@recompile.se</email>
	</address>
      </author>
      <author>
	<firstname>Teddy</firstname>
	<surname>Hogeborn</surname>
	<address>
	  <email>teddy@recompile.se</email>
	</address>
      </author>
    </authorgroup>
    <copyright>
      <year>2008</year>
      <year>2009</year>
      <year>2010</year>
      <year>2011</year>
      <year>2012</year>
      <year>2013</year>
      <year>2014</year>
      <year>2015</year>
      <year>2016</year>
      <year>2017</year>
      <year>2018</year>
      <year>2019</year>
      <holder>Teddy Hogeborn</holder>
      <holder>Björn Påhlsson</holder>
    </copyright>
    <xi:include href="../legalnotice.xml"/>
  </refentryinfo>
  
  <refmeta>
    <refentrytitle>&COMMANDNAME;</refentrytitle>
    <manvolnum>8mandos</manvolnum>
  </refmeta>
  
  <refnamediv>
    <refname><command>&COMMANDNAME;</command></refname>
    <refpurpose>Mandos plugin to use usplash to get a
    password.</refpurpose>
  </refnamediv>
  
  <refsynopsisdiv>
    <cmdsynopsis>
      <command>&COMMANDNAME;</command>
    </cmdsynopsis>
  </refsynopsisdiv>
  
  <refsect1 id="description">
    <title>DESCRIPTION</title>
    <para>
      This program prompts for a password using <citerefentry>
      <refentrytitle>usplash</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry> and outputs any given password to standard
      output.  If no <citerefentry><refentrytitle
      >usplash</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      process can be found, this program will immediately exit with an
      exit code indicating failure.
    </para>
    <para>
      This program is not very useful on its own.  This program is
      really meant to run as a plugin in the <application
      >Mandos</application> client-side system, where it is used as a
      fallback and alternative to retrieving passwords from a
      <application >Mandos</application> server.
    </para>
    <para>
      If this program is killed (presumably by
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry> because some other
      plugin provided the password), it cannot tell <citerefentry>
      <refentrytitle>usplash</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry> to abort requesting a password, because
      <citerefentry><refentrytitle>usplash</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> does not support this.
      Therefore, this program will then <emphasis>kill</emphasis> the
      running <citerefentry><refentrytitle>usplash</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> process and start a
      <emphasis>new</emphasis> one using the same command line
      arguments as the old one was using.
    </para>
  </refsect1>
  
  <refsect1 id="options">
    <title>OPTIONS</title>
    <para>
      This program takes no options.
    </para>
  </refsect1>
  
  <refsect1 id="exit_status">
    <title>EXIT STATUS</title>
    <para>
      If exit status is 0, the output from the program is the password
      as it was read.  Otherwise, if exit status is other than 0, the
      program was interrupted or encountered an error, and any output
      so far could be corrupt and/or truncated, and should therefore
      be ignored.
    </para>
  </refsect1>
  
  <refsect1 id="environment">
    <title>ENVIRONMENT</title>
    <variablelist>
      <varlistentry>
	<term><envar>cryptsource</envar></term>
	<term><envar>crypttarget</envar></term>
	<listitem>
	  <para>
	    If set, these environment variables will be assumed to
	    contain the source device name and the target device
	    mapper name, respectively, and will be shown as part of
	    the prompt.
	</para>
	<para>
	  These variables will normally be inherited from
	  <citerefentry><refentrytitle>plugin-runner</refentrytitle>
	  <manvolnum>8mandos</manvolnum></citerefentry>, which might
	  have in turn inherited them from its calling process.
	</para>
	<para>
	  This behavior is meant to exactly mirror the behavior of
	  <command>askpass</command>, the default password prompter.
	</para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  
  <refsect1 id="files">
    <title>FILES</title>
    <variablelist>
      <varlistentry>
	<term><filename>/dev/.initramfs/usplash_fifo</filename></term>
	<listitem>
	  <para>
	    This is the <acronym>FIFO</acronym> to where this program
	    will write the commands for <citerefentry><refentrytitle
	    >usplash</refentrytitle><manvolnum>8</manvolnum>
	    </citerefentry>.  See <citerefentry><refentrytitle
	    >fifo</refentrytitle><manvolnum>7</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/dev/.initramfs/usplash_outfifo</filename></term>
	<listitem>
	  <para>
	    This is the <acronym>FIFO</acronym> where this program
	    will read the password from <citerefentry><refentrytitle
	    >usplash</refentrytitle><manvolnum>8</manvolnum>
	    </citerefentry>.  See <citerefentry><refentrytitle
	    >fifo</refentrytitle><manvolnum>7</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename class="directory">/proc</filename></term>
	<listitem>
	  <para>
	    To find the running <citerefentry><refentrytitle
	    >usplash</refentrytitle><manvolnum>8</manvolnum>
	    </citerefentry>, this directory will be searched for
	    numeric entries which will be assumed to be directories.
	    In all those directories, the <filename>exe</filename> and
	    <filename>cmdline</filename> entries will be used to
	    determine the name of the running binary, effective user
	    and group <abbrev>ID</abbrev>, and the command line
	    arguments.  See <citerefentry><refentrytitle
	    >proc</refentrytitle><manvolnum>5</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
      <varlistentry>
	<term><filename>/sbin/usplash</filename></term>
	<listitem>
	  <para>
	    This is the name of the binary which will be searched for
	    in the process list.  See <citerefentry><refentrytitle
	    >usplash</refentrytitle><manvolnum>8</manvolnum>
	    </citerefentry>.
	  </para>
	</listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  
  <refsect1 id="bugs">
    <title>BUGS</title>
    <para>
      Killing <citerefentry><refentrytitle>usplash</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry> and starting a new one
      is ugly, but necessary as long as it does not support aborting a
      password request.
    </para>
    <xi:include href="../bugs.xml"/>
  </refsect1>
  
  <refsect1 id="example">
    <title>EXAMPLE</title>
    <para>
      Note that normally, this program will not be invoked directly,
      but instead started by the Mandos <citerefentry><refentrytitle
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
      </citerefentry>.
    </para>
    <informalexample>
      <para>
	This program takes no options.
      </para>
      <para>
	<userinput>&COMMANDNAME;</userinput>
      </para>
    </informalexample>
  </refsect1>
  
  <refsect1 id="security">
    <title>SECURITY</title>
    <para>
      If this program is killed by a signal, it will kill the process
      <abbrev>ID</abbrev> which at the start of this program was
      determined to run <citerefentry><refentrytitle
      >usplash</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      as root (see also <xref linkend="files"/>).  There is a very
      slight risk that, in the time between those events, that process
      <abbrev>ID</abbrev> was freed and then taken up by another
      process; the wrong process would then be killed.  Now, this
      program can only be killed by the user who started it; see
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry>.  This program
      should therefore be started by a completely separate
      non-privileged user, and no other programs should be allowed to
      run as that special user.  This means that it is not recommended
      to use the user "nobody" to start this program, as other
      possibly less trusted programs could be running as "nobody", and
      they would then be able to kill this program, triggering the
      killing of the process <abbrev>ID</abbrev> which may or may not
      be <citerefentry><refentrytitle>usplash</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry>.
    </para>
    <para>
      The only other thing that could be considered worthy of note is
      this:  This program is meant to be run by <citerefentry>
      <refentrytitle>plugin-runner</refentrytitle><manvolnum
      >8mandos</manvolnum></citerefentry>, and will, when run
      standalone, outside, in a normal environment, immediately output
      on its standard output any presumably secret password it just
      received.  Therefore, when running this program standalone
      (which should never normally be done), take care not to type in
      any real secret password by force of habit, since it would then
      immediately be shown as output.
    </para>
  </refsect1>
  
  <refsect1 id="see_also">
    <title>SEE ALSO</title>
    <para>
      <citerefentry><refentrytitle>intro</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>fifo</refentrytitle>
      <manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
      <manvolnum>8mandos</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>proc</refentrytitle>
      <manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>usplash</refentrytitle>
      <manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
<!-- Local Variables: -->
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
<!-- time-stamp-end: "[\"']>" -->
<!-- time-stamp-format: "%:y-%02m-%02d" -->
<!-- End: -->