/mandos/release

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to network-protocol.txt

Committer: Teddy Hogeborn
Date: 2008-10-03 09:32:30 UTC
Revision ID: teddy@fukt.bsnet.se-20081003093230-rshn19e0c19zz12i

* .bzrignore (plugins.d/askpass-fifo): Added.

* Makefile (FORTIFY): Added "-fstack-protector-all".
  (mandos, mandos-keygen): Use more strict regexps when updating the
                           version number.

* mandos (Client.__init__): Use os.path.expandvars() and
                            os.path.expanduser() on the "secfile"
                            config value.

* plugins.d/splashy.c: Update comments and order of #include's.
  (main): Check user and group when looking for running splashy
          process.  Do not ignore ENOENT from execl().  Use _exit()
          instead of "return" when an error happens in child
          processes.  Bug fix: Only wait for splashy_update
          completion if it was started.  Bug fix: detect failing
          waitpid().  Only kill splashy_update if it is running.  Do
          the killing of the old splashy process before the fork().
          Do setsid() and setuid(geteuid()) before starting the new
          splashy.  Report failing execl().

* plugins.d/usplash.c: Update comments and order of #include's.
  (main): Check user and group when looking for running usplash
          process.  Do not report execv() error if interrupted by a
          signal.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

INSTALL

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/usplash.c

files removed:
network-protocol.txt

files renamed:
server.py => mandos

server.conf => mandos.conf

plugbasedclient.c => plugin-runner.c

plugins.d/mandosclient.c => plugins.d/mandos-client.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

network-protocol.txt

1

Network Protocol Version 1

2

3

The server announces itself as an IPv6 Zeroconf service of type

4

"_mandos._tcp". A connecting client sends a line of text where the

5

first whitespace-separated field is the protocol version, which

6

currently is "1". The client and server then start a TLS handshake,

7

with the unusual property that the server program acts as a TLS

8

"client" and the connecting client acts as a TLS "server". In this

9

TLS handshake the client must supply an OpenPGP certificate, and the

10

fingerprint of this certificate is used by the server to look up (in a

11

list read from file at start time) which binary blob to give the

12

client. No other authentication or authorization is done by the

13

server. After the binary blob is sent by the server to the client,

14

the server closes the connection.

Older »