
Viewing changes to mandos-keygen.xml

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2016-03-05">
 
5
<!ENTITY TIMESTAMP "2008-10-03">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
35
      <holder>Teddy Hogeborn</holder>
44
36
      <holder>Björn Påhlsson</holder>
45
37
    </copyright>
124
116
        <replaceable>TIME</replaceable></option></arg>
125
117
      </group>
126
118
      <sbr/>
127
 
      <group>
128
 
        <arg choice="plain"><option>--force</option></arg>
129
 
        <arg choice="plain"><option>-f</option></arg>
130
 
      </group>
 
119
      <arg><option>--force</option></arg>
131
120
    </cmdsynopsis>
132
121
    <cmdsynopsis>
133
122
      <command>&COMMANDNAME;</command>
153
142
        <arg choice="plain"><option>-n
154
143
        <replaceable>NAME</replaceable></option></arg>
155
144
      </group>
156
 
      <group>
157
 
        <arg choice="plain"><option>--no-ssh</option></arg>
158
 
        <arg choice="plain"><option>-S</option></arg>
159
 
      </group>
160
145
    </cmdsynopsis>
161
146
    <cmdsynopsis>
162
147
      <command>&COMMANDNAME;</command>
227
212
        <listitem>
228
213
          <para>
229
214
            Target directory for key files.  Default is
230
 
            <filename class="directory">/etc/mandos</filename>.
 
215
            <filename>/etc/mandos</filename>.
231
216
          </para>
232
217
        </listitem>
233
218
      </varlistentry>
239
224
        <replaceable>TYPE</replaceable></option></term>
240
225
        <listitem>
241
226
          <para>
242
 
            Key type.  Default is <quote>RSA</quote>.
 
227
            Key type.  Default is <quote>DSA</quote>.
243
228
          </para>
244
229
        </listitem>
245
230
      </varlistentry>
251
236
        <replaceable>BITS</replaceable></option></term>
252
237
        <listitem>
253
238
          <para>
254
 
            Key length in bits.  Default is 4096.
 
239
            Key length in bits.  Default is 2048.
255
240
          </para>
256
241
        </listitem>
257
242
      </varlistentry>
263
248
        <replaceable>KEYTYPE</replaceable></option></term>
264
249
        <listitem>
265
250
          <para>
266
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
251
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
267
252
            encryption-only).
268
253
          </para>
269
254
        </listitem>
276
261
        <replaceable>BITS</replaceable></option></term>
277
262
        <listitem>
278
263
          <para>
279
 
            Subkey length in bits.  Default is 4096.
 
264
            Subkey length in bits.  Default is 2048.
280
265
          </para>
281
266
        </listitem>
282
267
      </varlistentry>
300
285
        <replaceable>TEXT</replaceable></option></term>
301
286
        <listitem>
302
287
          <para>
303
 
            Comment field for key.  Default is empty.
 
288
            Comment field for key.  The default value is
 
289
            <quote><literal>Mandos client key</literal></quote>.
304
290
          </para>
305
291
        </listitem>
306
292
      </varlistentry>
358
344
          </para>
359
345
        </listitem>
360
346
      </varlistentry>
361
 
      <varlistentry>
362
 
        <term><option>--no-ssh</option></term>
363
 
        <term><option>-S</option></term>
364
 
        <listitem>
365
 
          <para>
366
 
            When <option>--password</option> or
367
 
            <option>--passfile</option> is given, this option will
368
 
            prevent <command>&COMMANDNAME;</command> from calling
369
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
370
 
            for this host and, if successful, output suitable config
371
 
            options to use this fingerprint as a
372
 
            <option>checker</option> option in the output.  This is
373
 
            otherwise the default behavior.
374
 
          </para>
375
 
        </listitem>
376
 
      </varlistentry>
377
347
    </variablelist>
378
348
  </refsect1>
379
349
  
439
409
        </listitem>
440
410
      </varlistentry>
441
411
      <varlistentry>
442
 
        <term><filename class="directory">/tmp</filename></term>
 
412
        <term><filename>/tmp</filename></term>
443
413
        <listitem>
444
414
          <para>
445
415
            Temporary files will be written here if
450
420
    </variablelist>
451
421
  </refsect1>
452
422
  
453
 
  <refsect1 id="bugs">
454
 
    <title>BUGS</title>
455
 
    <xi:include href="bugs.xml"/>
456
 
  </refsect1>
 
423
<!--   <refsect1 id="bugs"> -->
 
424
<!--     <title>BUGS</title> -->
 
425
<!--     <para> -->
 
426
<!--     </para> -->
 
427
<!--   </refsect1> -->
457
428
  
458
429
  <refsect1 id="example">
459
430
    <title>EXAMPLE</title>
479
450
    </informalexample>
480
451
    <informalexample>
481
452
      <para>
482
 
        Prompt for a password, encrypt it with the key in <filename
483
 
        class="directory">/etc/mandos</filename> and output a section
484
 
        suitable for <filename>clients.conf</filename>.
 
453
        Prompt for a password, encrypt it with the key in
 
454
        <filename>/etc/mandos</filename> and output a section suitable
 
455
        for <filename>clients.conf</filename>.
485
456
      </para>
486
457
      <para>
487
458
        <userinput>&COMMANDNAME; --password</userinput>
520
491
  <refsect1 id="see_also">
521
492
    <title>SEE ALSO</title>
522
493
    <para>
523
 
      <citerefentry><refentrytitle>intro</refentrytitle>
524
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
525
494
      <citerefentry><refentrytitle>gpg</refentrytitle>
526
495
      <manvolnum>1</manvolnum></citerefentry>,
527
496
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
529
498
      <citerefentry><refentrytitle>mandos</refentrytitle>
530
499
      <manvolnum>8</manvolnum></citerefentry>,
531
500
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
532
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
533
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
534
 
      <manvolnum>1</manvolnum></citerefentry>
 
501
      <manvolnum>8mandos</manvolnum></citerefentry>
535
502
    </para>
536
503
  </refsect1>
537
504