
Viewing changes to mandos-keygen.xml

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2014-06-22">
 
5
<!ENTITY TIMESTAMP "2008-10-03">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
 
      <year>2012</year>
38
35
      <holder>Teddy Hogeborn</holder>
39
36
      <holder>Björn Påhlsson</holder>
40
37
    </copyright>
119
116
        <replaceable>TIME</replaceable></option></arg>
120
117
      </group>
121
118
      <sbr/>
122
 
      <group>
123
 
        <arg choice="plain"><option>--force</option></arg>
124
 
        <arg choice="plain"><option>-f</option></arg>
125
 
      </group>
 
119
      <arg><option>--force</option></arg>
126
120
    </cmdsynopsis>
127
121
    <cmdsynopsis>
128
122
      <command>&COMMANDNAME;</command>
148
142
        <arg choice="plain"><option>-n
149
143
        <replaceable>NAME</replaceable></option></arg>
150
144
      </group>
151
 
      <group>
152
 
        <arg choice="plain"><option>--no-ssh</option></arg>
153
 
        <arg choice="plain"><option>-S</option></arg>
154
 
      </group>
155
145
    </cmdsynopsis>
156
146
    <cmdsynopsis>
157
147
      <command>&COMMANDNAME;</command>
222
212
        <listitem>
223
213
          <para>
224
214
            Target directory for key files.  Default is
225
 
            <filename class="directory">/etc/mandos</filename>.
 
215
            <filename>/etc/mandos</filename>.
226
216
          </para>
227
217
        </listitem>
228
218
      </varlistentry>
234
224
        <replaceable>TYPE</replaceable></option></term>
235
225
        <listitem>
236
226
          <para>
237
 
            Key type.  Default is <quote>RSA</quote>.
 
227
            Key type.  Default is <quote>DSA</quote>.
238
228
          </para>
239
229
        </listitem>
240
230
      </varlistentry>
246
236
        <replaceable>BITS</replaceable></option></term>
247
237
        <listitem>
248
238
          <para>
249
 
            Key length in bits.  Default is 4096.
 
239
            Key length in bits.  Default is 2048.
250
240
          </para>
251
241
        </listitem>
252
242
      </varlistentry>
258
248
        <replaceable>KEYTYPE</replaceable></option></term>
259
249
        <listitem>
260
250
          <para>
261
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
251
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
262
252
            encryption-only).
263
253
          </para>
264
254
        </listitem>
271
261
        <replaceable>BITS</replaceable></option></term>
272
262
        <listitem>
273
263
          <para>
274
 
            Subkey length in bits.  Default is 4096.
 
264
            Subkey length in bits.  Default is 2048.
275
265
          </para>
276
266
        </listitem>
277
267
      </varlistentry>
295
285
        <replaceable>TEXT</replaceable></option></term>
296
286
        <listitem>
297
287
          <para>
298
 
            Comment field for key.  Default is empty.
 
288
            Comment field for key.  The default value is
 
289
            <quote><literal>Mandos client key</literal></quote>.
299
290
          </para>
300
291
        </listitem>
301
292
      </varlistentry>
353
344
          </para>
354
345
        </listitem>
355
346
      </varlistentry>
356
 
      <varlistentry>
357
 
        <term><option>--no-ssh</option></term>
358
 
        <term><option>-S</option></term>
359
 
        <listitem>
360
 
          <para>
361
 
            When <option>--password</option> or
362
 
            <option>--passfile</option> is given, this option will
363
 
            prevent <command>&COMMANDNAME;</command> from calling
364
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
365
 
            for this host and, if successful, output suitable config
366
 
            options to use this fingerprint as a
367
 
            <option>checker</option> option in the output.  This is
368
 
            otherwise the default behavior.
369
 
          </para>
370
 
        </listitem>
371
 
      </varlistentry>
372
347
    </variablelist>
373
348
  </refsect1>
374
349
  
434
409
        </listitem>
435
410
      </varlistentry>
436
411
      <varlistentry>
437
 
        <term><filename class="directory">/tmp</filename></term>
 
412
        <term><filename>/tmp</filename></term>
438
413
        <listitem>
439
414
          <para>
440
415
            Temporary files will be written here if
475
450
    </informalexample>
476
451
    <informalexample>
477
452
      <para>
478
 
        Prompt for a password, encrypt it with the key in <filename
479
 
        class="directory">/etc/mandos</filename> and output a section
480
 
        suitable for <filename>clients.conf</filename>.
 
453
        Prompt for a password, encrypt it with the key in
 
454
        <filename>/etc/mandos</filename> and output a section suitable
 
455
        for <filename>clients.conf</filename>.
481
456
      </para>
482
457
      <para>
483
458
        <userinput>&COMMANDNAME; --password</userinput>
516
491
  <refsect1 id="see_also">
517
492
    <title>SEE ALSO</title>
518
493
    <para>
519
 
      <citerefentry><refentrytitle>intro</refentrytitle>
520
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
521
494
      <citerefentry><refentrytitle>gpg</refentrytitle>
522
495
      <manvolnum>1</manvolnum></citerefentry>,
523
496
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
525
498
      <citerefentry><refentrytitle>mandos</refentrytitle>
526
499
      <manvolnum>8</manvolnum></citerefentry>,
527
500
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
528
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
529
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
530
 
      <manvolnum>1</manvolnum></citerefentry>
 
501
      <manvolnum>8mandos</manvolnum></citerefentry>
531
502
    </para>
532
503
  </refsect1>
533
504