
Viewing changes to mandos-keygen.xml

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

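--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2017-02-23">
+<!ENTITY TIMESTAMP "2008-10-03">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -19,28 +19,19 @@
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@recompile.se</email>
+          <email>belorn@fukt.bsnet.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@recompile.se</email>
+          <email>teddy@fukt.bsnet.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
-      <year>2012</year>
-      <year>2013</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2017</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -125,10 +116,7 @@
         <replaceable>TIME</replaceable></option></arg>
       </group>
       <sbr/>
-      <group>
-        <arg choice="plain"><option>--force</option></arg>
-        <arg choice="plain"><option>-f</option></arg>
-      </group>
+      <arg><option>--force</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -154,10 +142,6 @@
         <arg choice="plain"><option>-n
         <replaceable>NAME</replaceable></option></arg>
       </group>
-      <group>
-        <arg choice="plain"><option>--no-ssh</option></arg>
-        <arg choice="plain"><option>-S</option></arg>
-      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -228,7 +212,7 @@
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename class="directory">/etc/mandos</filename>.
+            <filename>/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -240,7 +224,7 @@
         <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
-            Key type.  Default is <quote>RSA</quote>.
+            Key type.  Default is <quote>DSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -252,7 +236,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 4096.
+            Key length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
@@ -264,7 +248,7 @@
         <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
-            Subkey type.  Default is <quote>RSA</quote> (Elgamal
+            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
@@ -277,7 +261,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 4096.
+            Subkey length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
@@ -301,7 +285,8 @@
         <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  Default is empty.
+            Comment field for key.  The default value is
+            <quote><literal>Mandos client key</literal></quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -359,22 +344,6 @@
           </para>
         </listitem>
       </varlistentry>
-      <varlistentry>
-        <term><option>--no-ssh</option></term>
-        <term><option>-S</option></term>
-        <listitem>
-          <para>
-            When <option>--password</option> or
-            <option>--passfile</option> is given, this option will
-            prevent <command>&COMMANDNAME;</command> from calling
-            <command>ssh-keyscan</command> to get an SSH fingerprint
-            for this host and, if successful, output suitable config
-            options to use this fingerprint as a
-            <option>checker</option> option in the output.  This is
-            otherwise the default behavior.
-          </para>
-        </listitem>
-      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -440,7 +409,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="directory">/tmp</filename></term>
+        <term><filename>/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -451,10 +420,11 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="bugs">
-    <title>BUGS</title>
-    <xi:include href="bugs.xml"/>
-  </refsect1>
+<!--   <refsect1 id="bugs"> -->
+<!--     <title>BUGS</title> -->
+<!--     <para> -->
+<!--     </para> -->
+<!--   </refsect1> -->
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -480,9 +450,9 @@
     </informalexample>
     <informalexample>
       <para>
-        Prompt for a password, encrypt it with the key in <filename
-        class="directory">/etc/mandos</filename> and output a section
-        suitable for <filename>clients.conf</filename>.
+        Prompt for a password, encrypt it with the key in
+        <filename>/etc/mandos</filename> and output a section suitable
+        for <filename>clients.conf</filename>.
       </para>
       <para>
         <userinput>&COMMANDNAME; --password</userinput>
@@ -521,8 +491,6 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>intro</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
@@ -530,8 +498,6 @@
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>
+      <manvolnum>8mandos</manvolnum></citerefentry>
     </para>
   </refsect1>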