/mandos/release : revision 15

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-07-20 06:33:48 UTC
Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8

* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version='1.0' encoding='UTF-8'?>

<?xml-stylesheet type="text/xsl"

href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-08-29">

<title>&COMMANDNAME;</title>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn & Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

</refmeta>

<refname><command>&COMMANDNAME;</command></refname>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<arg choice='opt'>--connect<arg choice='plain'>IP</arg></arg>

<arg choice='opt'>--keydir<arg choice='plain'>KEYDIR</arg></arg>

<arg choice='opt'>--interface<arg choice='plain'>INTERFACE</arg></arg>

<arg choice='opt'>--pubkey<arg choice='plain'>PUBKEY</arg></arg>

<arg choice='opt'>--seckey<arg choice='plain'>SECKEY</arg></arg>

<arg choice='opt'>--priority<arg choice='plain'>PRIORITY</arg></arg>

<arg choice='opt'>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice='plain'>--usage</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg choice='plain'>--version</arg>

</cmdsynopsis>

</refsynopsisdiv>

100

101

102

<title>DESCRIPTION</title>

103

<para>

104

<command>&COMMANDNAME;</command> is a mandos plugin that works

105

like a client program that through avahi detects mandos servers,

106

sets up a gnutls connect and request a encrypted password. Any

107

passwords given is automaticly decrypted and passed to

108

cryptsetup.

109

</para>

110

</refsect1>

111

112

113

<title>OPTIONS</title>

114

<para>

115

Commonly not invoked as command lines but from configuration

116

file of plugin runner.

117

</para>

118

119

120

121

<term><literal>-c</literal>, <literal>--connect=<replaceable>

122

IP</replaceable></literal></term>

123

124

<para>

125

Connect directly to a specified mandos server

126

</para>

127

</listitem>

128

</varlistentry>

129

130

131

<term><literal>-d</literal>, <literal>--keydir=<replaceable>

132

KEYDIR</replaceable></literal></term>

133

134

<para>

135

Directory where the openpgp keyring is

136

</para>

137

</listitem>

138

</varlistentry>

139

140

141

<term><literal>-i</literal>, <literal>--interface=

142

<replaceable>INTERFACE</replaceable></literal></term>

143

144

<para>

145

Interface that Avahi will conntect through

146

</para>

147

</listitem>

148

</varlistentry>

149

150

151

<term><literal>-p</literal>, <literal>--pubkey=<replaceable>

152

PUBKEY</replaceable></literal></term>

153

154

<para>

155

Public openpgp key for gnutls authentication

156

</para>

157

</listitem>

158

</varlistentry>

159

160

161

<term><literal>-s</literal>, <literal>--seckey=<replaceable>

162

SECKEY</replaceable></literal></term>

163

164

<para>

165

Secret openpgp key for gnutls authentication

166

</para>

167

</listitem>

168

</varlistentry>

169

170

171

<term><literal>--priority=<replaceable>PRIORITY</replaceable>

172

</literal></term>

173

174

<para>

175

GNUTLS priority

176

</para>

177

</listitem>

178

</varlistentry>

179

180

181

182

</literal></term>

183

184

<para>

185

dh-bits to use in gnutls communication

186

</para>

187

</listitem>

188

</varlistentry>

189

190

191

<term><literal>--debug</literal></term>

192

193

<para>

194

Debug mode

195

</para>

196

</listitem>

197

</varlistentry>

198

199

200

201

202

<para>

203

Gives a help message

204

</para>

205

</listitem>

206

</varlistentry>

207

208

209

<term><literal>--usage</literal></term>

210

211

<para>

212

Gives a short usage message

213

</para>

214

</listitem>

215

</varlistentry>

216

217

218

<term><literal>-V</literal>, <literal>--version</literal></term>

219

220

<para>

221

Prints the program version

222

</para>

223

</listitem>

224

</varlistentry>

225

</variablelist>

226

</refsect1>

227

228

229

<title>EXIT STATUS</title>

230

<para>

231

</para>

232

</refsect1>

233

234

235

<title>ENVIRONMENT</title>

236

<para>

237

</para>

238

</refsect1>

239

240

241

<title>FILES</title>

242

<para>

243

</para>

244

</refsect1>

245

246

247

248

<para>

249

</para>

250

</refsect1>

251

252

253

<title>EXAMPLE</title>

254

<para>

255

</para>

256

</refsect1>

257

258

259

<title>SECURITY</title>

260

<para>

261

</para>

262

</refsect1>

263

264

265

266

267

268

<citerefentry><refentrytitle>mandos</refentrytitle>

269

270

</para></listitem>

271

272

273

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

274

<manvolnum>8mandos</manvolnum></citerefentry>

275

</para></listitem>

276

277

278

<citerefentry><refentrytitle>password-prompt</refentrytitle>

279

<manvolnum>8mandos</manvolnum></citerefentry>

280

</para></listitem>

281

282

283

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

284

</para></listitem>

285

286

287

<ulink url="http://www.avahi.org/">Avahi</ulink>

288

</para></listitem>

289

290

291

<ulink

292

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

293

</para></listitem>

294

295

296

<ulink

297

url="http://www.gnupg.org/related_software/gpgme/">

298

GPGME</ulink>

299

</para></listitem>

300

301

302

<citation>RFC 4880: <citetitle>OpenPGP Message

303

Format</citetitle></citation>

304

</para></listitem>

305

306

307

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

308

Transport Layer Security</citetitle></citation>

309

</para></listitem>

310

311

312

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

313

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

314

Unicast Addresses</citation>

315

</para></listitem>

316

</itemizedlist>

317

</refsect1>

318

319

</refentry>

320

321

322

323

324

Older »